mirror of
https://github.com/open5gs/open5gs.git
synced 2026-04-28 03:19:31 +00:00
sgwc: Avoid crash on orphan S5-C responses without S11 transaction
SGW-C could be forced to abort when handling a crafted or delayed S5-C response (Create/Modify/Delete Session) if the associated S11 transaction no longer exists. The S5-C handler assumed that the corresponding S11 transaction is always present and unconditionally asserted its existence, leading to a process abort and denial-of-service. This change removes the fatal assertion and safely handles the case where the associated S11 transaction cannot be found by logging an error and ignoring the response. Issues: #4226
This commit is contained in:
Sukchan Lee
parent
98f76e98df
commit
b19cf6a2db
1 changed files with 19 additions and 7 deletions
|
|
@ -98,12 +98,16 @@ void sgwc_s5c_handle_create_session_response(
|
|||
* Check Transaction
|
||||
********************/
|
||||
ogs_assert(s5c_xact);
|
||||
s11_xact = ogs_gtp_xact_find_by_id(s5c_xact->assoc_xact_id);
|
||||
ogs_assert(s11_xact);
|
||||
|
||||
rv = ogs_gtp_xact_commit(s5c_xact);
|
||||
ogs_expect(rv == OGS_OK);
|
||||
|
||||
s11_xact = ogs_gtp_xact_find_by_id(s5c_xact->assoc_xact_id);
|
||||
if (!s11_xact) {
|
||||
ogs_error("No S11 Transaction");
|
||||
return;
|
||||
}
|
||||
|
||||
/************************
|
||||
* Getting Cause Value
|
||||
************************/
|
||||
|
|
@ -349,13 +353,17 @@ void sgwc_s5c_handle_modify_bearer_response(
|
|||
* Check Transaction
|
||||
********************/
|
||||
ogs_assert(s5c_xact);
|
||||
s11_xact = ogs_gtp_xact_find_by_id(s5c_xact->assoc_xact_id);
|
||||
ogs_assert(s11_xact);
|
||||
modify_action = s5c_xact->modify_action;
|
||||
|
||||
rv = ogs_gtp_xact_commit(s5c_xact);
|
||||
ogs_expect(rv == OGS_OK);
|
||||
|
||||
s11_xact = ogs_gtp_xact_find_by_id(s5c_xact->assoc_xact_id);
|
||||
if (!s11_xact) {
|
||||
ogs_error("No S11 Transaction");
|
||||
return;
|
||||
}
|
||||
modify_action = s5c_xact->modify_action;
|
||||
|
||||
/************************
|
||||
* Getting Cause Value
|
||||
************************/
|
||||
|
|
@ -490,12 +498,16 @@ void sgwc_s5c_handle_delete_session_response(
|
|||
* Check Transaction
|
||||
********************/
|
||||
ogs_assert(s5c_xact);
|
||||
s11_xact = ogs_gtp_xact_find_by_id(s5c_xact->assoc_xact_id);
|
||||
ogs_assert(s11_xact);
|
||||
|
||||
rv = ogs_gtp_xact_commit(s5c_xact);
|
||||
ogs_expect(rv == OGS_OK);
|
||||
|
||||
s11_xact = ogs_gtp_xact_find_by_id(s5c_xact->assoc_xact_id);
|
||||
if (!s11_xact) {
|
||||
ogs_error("No S11 Transaction");
|
||||
return;
|
||||
}
|
||||
|
||||
/************************
|
||||
* Getting Cause Value
|
||||
************************/
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue