vrr/open5gs
2
0
Fork 0
mirror of https://github.com/open5gs/open5gs.git synced 2026-05-05 23:37:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[SEC] Improve PFCP Message Validation to Prevent Fragmentation Attacks (#3689)

Browse source 
This commit adds additional checks in the PFCP receive callback to ensure
that a complete PFCP message is received before parsing. A minimum header
length check and a total message length validation are now performed. This
prevents incomplete, fragmented messages from being processed and avoids
potential parsing errors and DoS conditions.
This commit is contained in:
Sukchan Lee 2025-02-02 10:38:29 +09:00
parent b1462f7236
commit 32cf4daf3a
6 changed files with 105 additions and 138 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/pfcp/path.h
View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2019 by Sukchan Lee <acetcom@gmail.com>
* Copyright (C) 2019-2025 by Sukchan Lee <acetcom@gmail.com>
*
* This file is part of Open5GS.
*
@ -58,6 +58,8 @@ typedef struct ogs_pfcp_xact_s ogs_pfcp_xact_t;
ogs_sock_t *ogs_pfcp_server(ogs_socknode_t *node);
int ogs_pfcp_sendto(ogs_pfcp_node_t *node, ogs_pkbuf_t *pkbuf);
ogs_pkbuf_t *ogs_pfcp_recvfrom(ogs_socket_t fd, ogs_sockaddr_t *from);
ogs_pkbuf_t *ogs_pfcp_handle_echo_req(ogs_pkbuf_t *pkt);
int ogs_pfcp_send_heartbeat_request(ogs_pfcp_node_t *node,