pfcp/ipfw: Improve error handling in PDR creation/update and ipfw rule parsing

- Added null-check for flow description direction token in ogs_ipfw_compile_rule() to prevent dereferencing a NULL pointer. - Replaced assertions with graceful error handling in Create/Update PDR handlers: * Log failure when ogs_ipfw_compile_rule() returns error. * Free allocated flow_description and remove the faulty PDR rule, then continue. - Improved logging for invalid pdi.network_instance: * Print length and include a hexdump of the invalid field. Issues: #4151
2026-04-28 03:19:31 +00:00 · 2025-11-20 16:39:17 +09:00 · 2025-11-20 16:39:17 +09:00 · 1c32777659
commit 1c32777659
parent d342458d95
2 changed files with 26 additions and 5 deletions
--- a/lib/ipfw/ogs-ipfw.c
+++ b/lib/ipfw/ogs-ipfw.c
@ -70,7 +70,7 @@ int ogs_ipfw_compile_rule(ogs_ipfw_rule_t *ipfw_rule, char *flow_description)

    /* Save DIRECTION */
    dir = token = ogs_strtok_r(NULL, " ", &saveptr);
-    if (strcmp(token, "out") != 0) {
+    if (!token || strcmp(token, "out") != 0) {
        ogs_error("Not begins with reserved keyword : 'permit out'");
        ogs_free(description);
        return OGS_ERROR;
--- a/lib/pfcp/handler.c
+++ b/lib/pfcp/handler.c
@ -577,7 +577,14 @@ ogs_pfcp_pdr_t *ogs_pfcp_handle_create_pdr(ogs_pfcp_sess_t *sess,
                    sdf_filter.flow_description_len+1);

            rv = ogs_ipfw_compile_rule(&rule->ipfw, flow_description);
-            ogs_assert(rv == OGS_OK);
+
+            if (rv != OGS_OK) {
+                ogs_error("ogs_ipfw_compile_rule() failed [%s]",
+                        flow_description);
+                ogs_free(flow_description);
+                ogs_pfcp_rule_remove(rule);
+                continue;
+            }

            ogs_free(flow_description);
 /*
@ -630,7 +637,11 @@ ogs_pfcp_pdr_t *ogs_pfcp_handle_create_pdr(ogs_pfcp_sess_t *sess,
            pdr->dnn = ogs_strdup(dnn);
            ogs_assert(pdr->dnn);
        } else {
-            ogs_error("Invalid pdi.network_instance");
+            ogs_error("Invalid pdi.network_instance [%d]",
+                    message->pdi.network_instance.len);
+            ogs_log_hexdump(OGS_LOG_ERROR,
+                    message->pdi.network_instance.data,
+                    message->pdi.network_instance.len);
        }
    }

@ -928,7 +939,13 @@ ogs_pfcp_pdr_t *ogs_pfcp_handle_update_pdr(ogs_pfcp_sess_t *sess,
                        sdf_filter.flow_description_len+1);

                rv = ogs_ipfw_compile_rule(&rule->ipfw, flow_description);
-                ogs_assert(rv == OGS_OK);
+                if (rv != OGS_OK) {
+                    ogs_error("ogs_ipfw_compile_rule() failed [%s]",
+                            flow_description);
+                    ogs_free(flow_description);
+                    ogs_pfcp_rule_remove(rule);
+                    continue;
+                }

                ogs_free(flow_description);
    /*
@ -979,7 +996,11 @@ ogs_pfcp_pdr_t *ogs_pfcp_handle_update_pdr(ogs_pfcp_sess_t *sess,
                pdr->dnn = ogs_strdup(dnn);
                ogs_assert(pdr->dnn);
            } else {
-                ogs_error("Invalid pdi.network_instance");
+                ogs_error("Invalid pdi.network_instance [%d]",
+                        message->pdi.network_instance.len);
+                ogs_log_hexdump(OGS_LOG_ERROR,
+                        message->pdi.network_instance.data,
+                        message->pdi.network_instance.len);
            }
        }