Confirmed users
971
edits
Security/Reviews/Gaia/Dialer: Difference between revisions
Security/Reviews/Gaia/Dialer (view source)
Revision as of 17:00, 26 February 2013
, 26 February 2013→Dial
(→Dial) |
|||
| Line 80: | Line 80: | ||
The dial handler does not actually dial numbers. The only thing it does is ask the KeypadManager to enter the number. The user will always have to tap the dial button before a call is being made. | The dial handler does not actually dial numbers. The only thing it does is ask the KeypadManager to enter the number. The user will always have to tap the dial button before a call is being made. | ||
*ISSUES:* The dialer does not correctly validate input. I was able to do multiple malicious things: | |||
* {{bug|845383}} Dialer accepts super long phone number which breaks the phone until reboot | |||
* {{bug|845361}} Dialer does not correctly validate input to the dial activity handler | |||
* {{bug|845045}} Dialer can be tricked into displaying one number but dialing another | |||
*ACTION:* We need better defensive coding around input taken from activities. | |||
==== System Messages ==== | ==== System Messages ==== | ||