Closed Bug 835750 Opened 12 years ago Closed 12 years ago

Validate the numbers that are passed to the RIL to dial

Categories

(Firefox OS Graveyard :: Gaia::Dialer, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::Dialer
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(blocking-b2g:tef+, b2g18 fixed, b2g18-v1.0.0 wontfix, b2g18-v1.0.1 verified)

Status:
VERIFIED FIXED
Project Flags:
blocking-b2g tef+
Tracking Flags:
Tracking Status
b2g18 --- fixed
b2g18-v1.0.0 --- wontfix
b2g18-v1.0.1 --- verified

People

(Reporter: amac, Assigned: gtorodelvalle)

References

Details

(Keywords: late-l10n)

Attachments

(1 file)

Associated PR.
260 bytes, text/html
arcturus
: review+
Details 
Currently neither Gaia nor Gecko make any kind of control on what they pass to the RIL. The Dialer doesn't allow to input other things that numbers directly (although it can receive it by WebActivities) and anyone that uses the contact API can store any string they choose on a phone number. That string will then be passed as is to the underlying RIL library.

While it's true that the RIL library should protect itself too, it's bad form to trust completely on that and can facilitate the remote exploit of any kind of shellcode exploits that appear for the RIL libraries. 

I think Gecko should control that what it has received as a number to dial is indeed a number, and throw early otherwise.
Marking as blocking since this is a potential huge security hole, with a very easy fix.
blocking-b2g: --- → tef?
tracking-firefox18: --- → ?
blocking-b2g: tef? → tef+
Summary: Control the numbers that are passed to the RIL → Validate the numbers that are passed to the RIL
Assignee: nobody → gtorodelvalle
Component: General → Gaia::Dialer
See Also: → 836215
Depends on: 836215
Marking status-b2g18 and status-b2g18-v1.0.0 as affected, please update the status to fixed once this is verified landed on v1-train/mozilla-b2g18 and v1.0.0/mozilla-b2g18_v_1_0_0
status-b2g18: --- → affected
status-b2g18-v1.0.0: --- → affected
tracking-firefox18: ? → ---
Summary: Validate the numbers that are passed to the RIL → Validate the numbers that are passed to the RIL to dial
Blocks: 836707
Depends on: 836708
Hi Victoria, we need to show a new informational message to the user when for some reason the device tries to establish a call to a not correct phone number and I was wondering if you could provide me with the text and options (buttons) you would like to show to the user. Thanks! ;-)
Flags: needinfo?(vpg)
Mari Ángeles tells me that this is more an Ayman's type of thing so I include you in the discussion ;-) Thanks!
Flags: needinfo?(aymanmaat)
Attached file Associated PR. 
NOTE: If blocking-basecamp+ is set, just land it for now.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Security code analysis.
User impact if declined: Malicious codes could be dialed.
Testing completed: Tested in Unagui forcing to show the informative message in case the number to be called was not valid. Otherwise, the call is made.
Risk to taking this patch (and alternatives if risky): No risk. We have just included a control to check if the number to dial is a valid one before going on to check the rest of controls (SIM availability, mobile connection availability, etc.).
Attachment #710662 - Flags: superreview?
Attachment #710662 - Flags: review?(francisco.jordano)
Attachment #710662 - Flags: approval-gaia-v1?
Attachment #710662 - Flags: superreview?
Hi :stas, just to inform you that we had to include a new informative message to the user in case she tries to call an invalid phone number ;-)
Flags: needinfo?(stas)
No pretty clear to me why we have 2 gecko bugs related to this, and we are fixing here the gaia part.

I would suggest to keep this bug as a meta bug, and add an extra bug for the gaia validation.
Do you refer to the bugs Antonio mentions this bug depends on? If yes, both are for the SMS app / case so I do not know it is very appropriate those "depends on" flags :-(
Attachment #710662 - Flags: approval-gaia-v1?
Deleting the "need-info" flags from Victoria and Ayman since we discussed it offline ;-)
The message's title should be: "Invalid phone number"
The message's body should be: "The phone number you are calling is not valid."
Thanks guys!
Flags: needinfo?(vpg)
Flags: needinfo?(aymanmaat)
Hi German,

I left you a comment on Github, just adding them here, could you resolve the problems with the unit tests?

I'm starting to be an asshole asking for passing unit tests for those apps that already have.

Thanks!
Please request info if you need info, but otherwise don't.
Flags: needinfo?(stas)
Keywords: late-l10n
Thanks Axel! I was not aware of that late-l10n keyword ;-) Thanks!
Hi German,

how are those unit test going?

Thanks
Being solved by Fernando Jiménez (https://bugzilla.mozilla.org/show_bug.cgi?id=838622) ;-) I included a comment in the pull request (https://github.com/mozilla-b2g/gaia/pull/7985) asking about the convenience to wait for them to be solved before merging this bug :-) What do you think?
I think that if we opened a bug that is blocking this we should use bugzilla to mark that.

Cheers!
Well, that is what we are discussing... If it is blocking it or not :-p In my opinion, it is not. It is about an absolutely distinct issue :-) Anyhow, since I guess you are suggesting to mark this bug as blocked by the one Fernando is solving, I'll do it :-) Thanks!
Depends on: 838622
Attachment #710662 - Flags: review?(francisco.jordano) → review+
Please only land once bug 838622 (now tef+) is resolved, to prevent a unit test regression.

Is bug 836708 also a blocker for landing?
(In reply to Alex Keybl [:akeybl] from comment #17)
> Is bug 836708 also a blocker for landing?

For landing this one it should not be.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
(In reply to Alex Keybl [:akeybl] from comment #17)
> Please only land once bug 838622 (now tef+) is resolved, to prevent a unit
> test regression. 

Alex, I don't see tef+ on that bug, or any branch flags for that matter.  Please advise.

> Is bug 836708 also a blocker for landing?
Flags: needinfo?(akeybl)
(In reply to John Ford [:jhford] from comment #19)
> (In reply to Alex Keybl [:akeybl] from comment #17)
> > Please only land once bug 838622 (now tef+) is resolved, to prevent a unit
> > test regression. 
> 
> Alex, I don't see tef+ on that bug, or any branch flags for that matter. 
> Please advise.

Fixed, it's now tef+
Flags: needinfo?(akeybl)
This commit does not apply cleanly to v1-train, v1.0.1.  If this patch depends on another bug, please comment here and I will retry when that bug is approved to land on all branches that this bug needs to land on.  If the merge conflict needs to be resolved by hand, the following commands could be a useful starting point:

cd gaia
git checkout v1-train
git cherry-pick -x -m1 0511964bbbd3fbec9810bf8477f50607cf3776a7
<resolve merge conflict>
git checkout v1.0.1
git cherry-pick -x $(git log --pretty=%H -n1 v1-train)


#	both modified:      apps/communications/dialer/js/telephony_helper.js
#	both modified:      apps/communications/dialer/test/unit/mock_utils.js
Hi John, this bug depends on https://bugzilla.mozilla.org/show_bug.cgi?id=838622 as stated in the "depends" on field ;-) I have just evolved that bug to RESOLVED-FIXED since its pull request already landed. Thanks!

(In reply to John Ford [:jhford] from comment #21)
> This commit does not apply cleanly to v1-train, v1.0.1.  If this patch
> depends on another bug, please comment here and I will retry when that bug
> is approved to land on all branches that this bug needs to land on.  If the
> merge conflict needs to be resolved by hand, the following commands could be
> a useful starting point:
> 
> cd gaia
> git checkout v1-train
> git cherry-pick -x -m1 0511964bbbd3fbec9810bf8477f50607cf3776a7
> <resolve merge conflict>
> git checkout v1.0.1
> git cherry-pick -x $(git log --pretty=%H -n1 v1-train)
> 
> 
> #	both modified:      apps/communications/dialer/js/telephony_helper.js
> #	both modified:      apps/communications/dialer/test/unit/mock_utils.js
(In reply to gtorodelvalle from comment #22)
> Hi John, this bug depends on
> https://bugzilla.mozilla.org/show_bug.cgi?id=838622 as stated in the
> "depends" on field ;-) I have just evolved that bug to RESOLVED-FIXED since
> its pull request already landed. Thanks!

Hey, I uplifted 838622 and I'm still seeing the merge conflict in apps/communications/dialer/js/telephony_helper.js
(In reply to John Ford [:jhford] from comment #23)
> (In reply to gtorodelvalle from comment #22)
> > Hi John, this bug depends on
> > https://bugzilla.mozilla.org/show_bug.cgi?id=838622 as stated in the
> > "depends" on field ;-) I have just evolved that bug to RESOLVED-FIXED since
> > its pull request already landed. Thanks!
> 
> Hey, I uplifted 838622 and I'm still seeing the merge conflict in
> apps/communications/dialer/js/telephony_helper.js

Hi John, you are completely right ;-) After having a look at it, it seems that the update which is missing is the one provided by Etienne to solve this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=840538 This is the PR: https://github.com/mozilla-b2g/gaia/pull/8063 The code regarding "postponing" the RIL instantiation (var telephony = navigator.mozTelephony;)
Blocks: 845383
Blocks: 845361
Test Case is not needed in Moztrap for this issue.
Flags: in-moztrap-
Can you please provide steps to verify this fix as we will blackbox test from the UI?
Antonio if you can Verify this bug out, it would be much appreciated.
Flags: needinfo?(amac)
Keywords: verifyme
Blocks: 845539
As mentioned in bug 845539 and shared yesterday with Antonio via Skype, this is not working. I am discussing with Mari Ángeles the way to proceed ;-) I'll keep you posted.
Depends on: 859719
Please, refer to bug 859719 regarding the testing/validation of this bug. Thanks!
The issue appears to be fixed on v1.1 and v1.0.1 builds. 

Environmental  Variables:
Unagi Build ID: 20130410070209
Kernel Date: Dec 5
Gecko: http://hg.mozilla.org/releases/mozilla-b2g18_v1_0_1/rev/56c922308fd1
Gaia: 0a9f78bffafda93a159c1f502e8b110c2f49a500

Invalid phone number (The phone number you are calling is not valid) Displays as expected.
Status: RESOLVED → VERIFIED
Clearing the need info here as this was answered by German.
Flags: needinfo?(amac)
Shally, can you paste the revisions against which you verified?
Flags: needinfo?(lixia)
Per comment 22,I clear "Verifyme".
Flags: needinfo?(lixia)
Sorry,please ingnore Comment 34.
Per comment 31,I clear "Verifyme".
If someone feels convenient, please verify on "b2g18".
Keywords: verifyme
No need to verify on this version anymore. We don't have any flame build for that and the code base has probably changed for the past 2 years.
Keywords: verifyme
(In reply to Johan Lorenzo [:jlorenzo] (QA) from comment #37)
> No need to verify on this version anymore. We don't have any flame build for
> that and the code base has probably changed for the past 2 years.

OK,thanks
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: