Closed
Bug 835750
Opened 12 years ago
Closed 12 years ago
Validate the numbers that are passed to the RIL to dial
Categories
(Firefox OS Graveyard :: Gaia::Dialer, defect)
Tracking
(blocking-b2g:tef+, b2g18 fixed, b2g18-v1.0.0 wontfix, b2g18-v1.0.1 verified)
VERIFIED
FIXED
blocking-b2g | tef+ |
People
(Reporter: amac, Assigned: gtorodelvalle)
References
Details
(Keywords: late-l10n)
Attachments
(1 file)
Currently neither Gaia nor Gecko make any kind of control on what they pass to the RIL. The Dialer doesn't allow to input other things that numbers directly (although it can receive it by WebActivities) and anyone that uses the contact API can store any string they choose on a phone number. That string will then be passed as is to the underlying RIL library. While it's true that the RIL library should protect itself too, it's bad form to trust completely on that and can facilitate the remote exploit of any kind of shellcode exploits that appear for the RIL libraries. I think Gecko should control that what it has received as a number to dial is indeed a number, and throw early otherwise.
Reporter | ||
Comment 1•12 years ago
|
||
Marking as blocking since this is a potential huge security hole, with a very easy fix.
blocking-b2g: --- → tef?
tracking-firefox18:
--- → ?
Updated•12 years ago
|
blocking-b2g: tef? → tef+
Updated•12 years ago
|
Summary: Control the numbers that are passed to the RIL → Validate the numbers that are passed to the RIL
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → gtorodelvalle
Updated•12 years ago
|
Component: General → Gaia::Dialer
Comment 2•12 years ago
|
||
Marking status-b2g18 and status-b2g18-v1.0.0 as affected, please update the status to fixed once this is verified landed on v1-train/mozilla-b2g18 and v1.0.0/mozilla-b2g18_v_1_0_0
Reporter | ||
Updated•12 years ago
|
Summary: Validate the numbers that are passed to the RIL → Validate the numbers that are passed to the RIL to dial
Assignee | ||
Comment 3•12 years ago
|
||
Hi Victoria, we need to show a new informational message to the user when for some reason the device tries to establish a call to a not correct phone number and I was wondering if you could provide me with the text and options (buttons) you would like to show to the user. Thanks! ;-)
Flags: needinfo?(vpg)
Assignee | ||
Comment 4•12 years ago
|
||
Mari Ángeles tells me that this is more an Ayman's type of thing so I include you in the discussion ;-) Thanks!
Flags: needinfo?(aymanmaat)
Assignee | ||
Comment 5•12 years ago
|
||
NOTE: If blocking-basecamp+ is set, just land it for now. [Approval Request Comment] Bug caused by (feature/regressing bug #): Security code analysis. User impact if declined: Malicious codes could be dialed. Testing completed: Tested in Unagui forcing to show the informative message in case the number to be called was not valid. Otherwise, the call is made. Risk to taking this patch (and alternatives if risky): No risk. We have just included a control to check if the number to dial is a valid one before going on to check the rest of controls (SIM availability, mobile connection availability, etc.).
Attachment #710662 -
Flags: superreview?
Attachment #710662 -
Flags: review?(francisco.jordano)
Attachment #710662 -
Flags: approval-gaia-v1?
Assignee | ||
Updated•12 years ago
|
Attachment #710662 -
Flags: superreview?
Assignee | ||
Comment 6•12 years ago
|
||
Hi :stas, just to inform you that we had to include a new informative message to the user in case she tries to call an invalid phone number ;-)
Flags: needinfo?(stas)
Comment 7•12 years ago
|
||
No pretty clear to me why we have 2 gecko bugs related to this, and we are fixing here the gaia part. I would suggest to keep this bug as a meta bug, and add an extra bug for the gaia validation.
Assignee | ||
Comment 8•12 years ago
|
||
Do you refer to the bugs Antonio mentions this bug depends on? If yes, both are for the SMS app / case so I do not know it is very appropriate those "depends on" flags :-(
Assignee | ||
Updated•12 years ago
|
Attachment #710662 -
Flags: approval-gaia-v1?
Assignee | ||
Comment 9•12 years ago
|
||
Deleting the "need-info" flags from Victoria and Ayman since we discussed it offline ;-) The message's title should be: "Invalid phone number" The message's body should be: "The phone number you are calling is not valid." Thanks guys!
Flags: needinfo?(vpg)
Flags: needinfo?(aymanmaat)
Comment 10•12 years ago
|
||
Hi German, I left you a comment on Github, just adding them here, could you resolve the problems with the unit tests? I'm starting to be an asshole asking for passing unit tests for those apps that already have. Thanks!
Comment 11•12 years ago
|
||
Please request info if you need info, but otherwise don't.
Flags: needinfo?(stas)
Keywords: late-l10n
Assignee | ||
Comment 12•12 years ago
|
||
Thanks Axel! I was not aware of that late-l10n keyword ;-) Thanks!
Comment 13•12 years ago
|
||
Hi German, how are those unit test going? Thanks
Updated•12 years ago
|
status-b2g18-v1.0.1:
--- → affected
Assignee | ||
Comment 14•12 years ago
|
||
Being solved by Fernando Jiménez (https://bugzilla.mozilla.org/show_bug.cgi?id=838622) ;-) I included a comment in the pull request (https://github.com/mozilla-b2g/gaia/pull/7985) asking about the convenience to wait for them to be solved before merging this bug :-) What do you think?
Comment 15•12 years ago
|
||
I think that if we opened a bug that is blocking this we should use bugzilla to mark that. Cheers!
Assignee | ||
Comment 16•12 years ago
|
||
Well, that is what we are discussing... If it is blocking it or not :-p In my opinion, it is not. It is about an absolutely distinct issue :-) Anyhow, since I guess you are suggesting to mark this bug as blocked by the one Fernando is solving, I'll do it :-) Thanks!
Updated•12 years ago
|
Attachment #710662 -
Flags: review?(francisco.jordano) → review+
Comment 17•12 years ago
|
||
Please only land once bug 838622 (now tef+) is resolved, to prevent a unit test regression. Is bug 836708 also a blocker for landing?
Reporter | ||
Comment 18•12 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #17) > Is bug 836708 also a blocker for landing? For landing this one it should not be.
Assignee | ||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Comment 19•12 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #17) > Please only land once bug 838622 (now tef+) is resolved, to prevent a unit > test regression. Alex, I don't see tef+ on that bug, or any branch flags for that matter. Please advise. > Is bug 836708 also a blocker for landing?
Flags: needinfo?(akeybl)
Comment 20•12 years ago
|
||
(In reply to John Ford [:jhford] from comment #19) > (In reply to Alex Keybl [:akeybl] from comment #17) > > Please only land once bug 838622 (now tef+) is resolved, to prevent a unit > > test regression. > > Alex, I don't see tef+ on that bug, or any branch flags for that matter. > Please advise. Fixed, it's now tef+
Flags: needinfo?(akeybl)
Comment 21•12 years ago
|
||
This commit does not apply cleanly to v1-train, v1.0.1. If this patch depends on another bug, please comment here and I will retry when that bug is approved to land on all branches that this bug needs to land on. If the merge conflict needs to be resolved by hand, the following commands could be a useful starting point: cd gaia git checkout v1-train git cherry-pick -x -m1 0511964bbbd3fbec9810bf8477f50607cf3776a7 <resolve merge conflict> git checkout v1.0.1 git cherry-pick -x $(git log --pretty=%H -n1 v1-train) # both modified: apps/communications/dialer/js/telephony_helper.js # both modified: apps/communications/dialer/test/unit/mock_utils.js
Assignee | ||
Comment 22•12 years ago
|
||
Hi John, this bug depends on https://bugzilla.mozilla.org/show_bug.cgi?id=838622 as stated in the "depends" on field ;-) I have just evolved that bug to RESOLVED-FIXED since its pull request already landed. Thanks! (In reply to John Ford [:jhford] from comment #21) > This commit does not apply cleanly to v1-train, v1.0.1. If this patch > depends on another bug, please comment here and I will retry when that bug > is approved to land on all branches that this bug needs to land on. If the > merge conflict needs to be resolved by hand, the following commands could be > a useful starting point: > > cd gaia > git checkout v1-train > git cherry-pick -x -m1 0511964bbbd3fbec9810bf8477f50607cf3776a7 > <resolve merge conflict> > git checkout v1.0.1 > git cherry-pick -x $(git log --pretty=%H -n1 v1-train) > > > # both modified: apps/communications/dialer/js/telephony_helper.js > # both modified: apps/communications/dialer/test/unit/mock_utils.js
Comment 23•12 years ago
|
||
(In reply to gtorodelvalle from comment #22) > Hi John, this bug depends on > https://bugzilla.mozilla.org/show_bug.cgi?id=838622 as stated in the > "depends" on field ;-) I have just evolved that bug to RESOLVED-FIXED since > its pull request already landed. Thanks! Hey, I uplifted 838622 and I'm still seeing the merge conflict in apps/communications/dialer/js/telephony_helper.js
Assignee | ||
Comment 24•12 years ago
|
||
(In reply to John Ford [:jhford] from comment #23) > (In reply to gtorodelvalle from comment #22) > > Hi John, this bug depends on > > https://bugzilla.mozilla.org/show_bug.cgi?id=838622 as stated in the > > "depends" on field ;-) I have just evolved that bug to RESOLVED-FIXED since > > its pull request already landed. Thanks! > > Hey, I uplifted 838622 and I'm still seeing the merge conflict in > apps/communications/dialer/js/telephony_helper.js Hi John, you are completely right ;-) After having a look at it, it seems that the update which is missing is the one provided by Etienne to solve this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=840538 This is the PR: https://github.com/mozilla-b2g/gaia/pull/8063 The code regarding "postponing" the RIL instantiation (var telephony = navigator.mozTelephony;)
Comment 25•12 years ago
|
||
v1-train: 7d739c1 v1.0.1: caede03
Comment 27•11 years ago
|
||
Can you please provide steps to verify this fix as we will blackbox test from the UI?
Comment 28•11 years ago
|
||
Antonio if you can Verify this bug out, it would be much appreciated.
Flags: needinfo?(amac)
Keywords: verifyme
Assignee | ||
Comment 29•11 years ago
|
||
As mentioned in bug 845539 and shared yesterday with Antonio via Skype, this is not working. I am discussing with Mari Ángeles the way to proceed ;-) I'll keep you posted.
Assignee | ||
Comment 30•11 years ago
|
||
Please, refer to bug 859719 regarding the testing/validation of this bug. Thanks!
Comment 31•11 years ago
|
||
The issue appears to be fixed on v1.1 and v1.0.1 builds. Environmental Variables: Unagi Build ID: 20130410070209 Kernel Date: Dec 5 Gecko: http://hg.mozilla.org/releases/mozilla-b2g18_v1_0_1/rev/56c922308fd1 Gaia: 0a9f78bffafda93a159c1f502e8b110c2f49a500 Invalid phone number (The phone number you are calling is not valid) Displays as expected.
Status: RESOLVED → VERIFIED
Reporter | ||
Comment 32•11 years ago
|
||
Clearing the need info here as this was answered by German.
Flags: needinfo?(amac)
Comment 33•10 years ago
|
||
Shally, can you paste the revisions against which you verified?
Flags: needinfo?(lixia)
Comment 35•10 years ago
|
||
Sorry,please ingnore Comment 34. Per comment 31,I clear "Verifyme".
Comment 37•10 years ago
|
||
No need to verify on this version anymore. We don't have any flame build for that and the code base has probably changed for the past 2 years.
Keywords: verifyme
Comment 38•10 years ago
|
||
(In reply to Johan Lorenzo [:jlorenzo] (QA) from comment #37) > No need to verify on this version anymore. We don't have any flame build for > that and the code base has probably changed for the past 2 years. OK,thanks
You need to log in
before you can comment on or make changes to this bug.
Description
•