Closed
Bug 845930
Opened 12 years ago
Closed 10 years ago
Dialer does not validate phone numbers received via BlueTooth
Categories
(Firefox OS Graveyard :: Gaia::Dialer, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: st3fan, Unassigned)
The dialer does not validate incoming phone numbers that are received via BlueTooth. It simply chops off the "ATD" part at the beginning and then blindly passes the rest of the number to mozTelephony, which (AFAIK) also does not do much validation of incoming phone numbers.
This opens up attacks against the RIL. It is, for example, possible to put a phone number containing 8KB of random data in the system this way. Ideally we match incoming numbers against strict checks as defined in, for example, E.164.
Comment 1•12 years ago
The RIL protection part should have been implemented on 836215.
blocking-b2g: --- → tef?
Depends on: 836215
Reporter
Comment 2•12 years ago
(In reply to Antonio Manuel Amaya Calvo from comment #1)
> The RIL protection part should have been implemented on 836215.
Well, *something* breaks. I might be wrong and maybe it is not the RIL. Maybe it is the communication layer?
Comment 3•12 years ago
I didn't try using Bluetooth, I tried it by inserting random data into a phone field using the API contact. Do you have a test/sample I can use to test this with a current build?
Comment 4•12 years ago
(clearing tef? based on comment 1 and lack of information for what that "something" is in comment 2. please re-nom if this is looking to be something critical for v1.0.1 after more analysis is done)
blocking-b2g: tef? → ---
Comment 5•12 years ago
I've been reviewing the latest version of the code, and it should not fail.
BT calls get placed through [1] which calls CallHandler.dial [2] which in turn calls TelephonyHelper.call [3] which sanitizes the number to dial removing extraneous characters and doesn't place the call if the length of the cleaned number is higher than 50: [4].
Can it be you reviewed an older version? (older than 7d739c1 on v1-train or caede03 on v1.0.1, that's from 2013-02-26)
For me, this is also a works-for-me.
[1] https://github.com/mozilla-b2g/gaia/blob/master/apps/communications/dialer/js/dialer.js#L136
[2] https://github.com/mozilla-b2g/gaia/blob/master/apps/communications/dialer/js/dialer.js#L215
[3] https://github.com/mozilla-b2g/gaia/blob/master/apps/communications/dialer/js/telephony_helper.js#L5
[4] https://github.com/mozilla-b2g/gaia/blob/master/apps/communications/dialer/js/telephony_helper.js#L89
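The kind of check discussed in this bug (strip the "ATD" prefix, allowlist the characters, cap the length), written out as an added example; it is not Gaia's code and not part of the original thread. The function name `validateBluetoothDial`, the raw-input cap, the character allowlist and the optional trailing `;` are assumptions; the limit of 50 is the one mentioned in comment 5.

```javascript
// Added example; names and limits are assumptions, not Gaia code.
const MAX_RAW_LENGTH = 64;            // assumed cap applied before any parsing
const MAX_DIAL_LENGTH = 50;           // length limit mentioned in comment 5
const E164 = /^\+[1-9][0-9]{1,14}$/;  // "+" followed by at most 15 digits
const DIALABLE = /^\+?[0-9*#]+$/;     // assumed allowlist: local numbers and codes

// Returns { ok: true, number, e164 } or { ok: false, reason }.
function validateBluetoothDial(command) {
  if (typeof command !== 'string') {
    return { ok: false, reason: 'not-a-string' };
  }
  // Reject oversized input first so later steps never handle an 8KB payload.
  if (command.length > MAX_RAW_LENGTH) {
    return { ok: false, reason: 'too-long' };
  }
  if (!command.startsWith('ATD')) {
    return { ok: false, reason: 'not-atd' };
  }
  // Assumption: a voice-call ATD command may end with ';'.
  let number = command.slice(3).replace(/;$/, '');
  // Drop only visual separators; everything else must match the allowlist.
  number = number.replace(/[\s\-().]/g, '');
  if (number.length === 0 || number.length > MAX_DIAL_LENGTH) {
    return { ok: false, reason: 'bad-length' };
  }
  if (!DIALABLE.test(number)) {
    return { ok: false, reason: 'bad-characters' };
  }
  return { ok: true, number, e164: E164.test(number) };
}

// Constructed sample inputs (not captured from a device).
const samples = [
  'ATD+14155550100;',        // E.164 form
  'ATD(415) 555-0100',       // local number with separators
  'ATD*#06#',                // service code, dialable but not E.164
  'ATD555\u0000123',         // embedded control character
  'ATD' + 'A'.repeat(8192),  // the 8KB case from the report
];
for (const s of samples) {
  console.log(JSON.stringify(s.slice(0, 24)), validateBluetoothDial(s));
}
```

Rejecting instead of silently cleaning unexpected characters means a malformed number is never passed on in altered form, and the `e164` flag lets a caller enforce the stricter E.164 rule where local numbers and service codes are not needed.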
Comment 6•10 years ago
This bug is out of date and we suspect that it's no longer valid. If you think this is in error, please reopen it.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME