open5gs/lib
Sukchan Lee 048a74005b [SEC] Heap overflow in parse PLMN-ID (#3154)
An assert shall be triggered if sepp_node is corrupted.

```
pwndbg> p *sepp_node
$5 = {
  lnode = {
    prev = 0x0,
    next = 0xaaaac920c638
  },
  receiver = 0xaaaac9230990 "sepp2.localdomain",
  negotiated_security_scheme = OpenAPI_security_capability_TLS,
  target_apiroot_supported = true,
  plmn_id = {{
      mcc1 = 6 '\006',
      mcc2 = 6 '\006',
      mcc3 = 6 '\006',
      mnc1 = 6 '\006',
      mnc2 = 6 '\006',
      mnc3 = 6 '\006'
    } <repeats 12 times>},
  num_of_plmn_id = 6710887,
  target_plmn_id_presence = false,
  target_plmn_id = {
    mcc1 = 0 '\000',
    mcc2 = 0 '\000',
    mcc3 = 0 '\000',
    mnc1 = 0 '\000',
    mnc2 = 0 '\000',
    mnc3 = 0 '\000'
  },
  supported_features = 1,
  sm = {
    init = 0xaaaaada181fc <sepp_handshake_state_initial>,
    fini = 0xaaaaada18390 <sepp_handshake_state_final>,
    state = 0xaaaaada194b4 <sepp_handshake_state_established>
  },
  t_establish_interval = 0xffffa7d6c4e0,
  client = 0xaaaac91af010,
  n32f = {
    client = 0xaaaac91af090
  }
}
pwndbg> p/x sepp_node.num_of_plmn_id
$6 = 0x666667
```
2024-04-30 22:10:45 +09:00

| Name | Last commit | Date |
|------|-------------|------|
| app | [CORE] logger: add option to disable timestamps | 2024-04-18 21:08:35 +09:00 |
| asn1c | [ASN1C] Fixed asn1c library on 32bit (#2934) | 2024-02-12 14:00:06 +09:00 |
| core | [CORE] logger: add option to disable timestamps | 2024-04-18 21:08:35 +09:00 |
| crypt | [UDM] Added validation for pubkey | 2024-03-24 14:09:10 +09:00 |
| dbi | [DBI] mongoc version not checked correctly #3086 | 2024-03-31 20:41:50 +09:00 |
| diameter | cosmetic: Fix trailing whitespace | 2024-04-09 07:13:51 +09:00 |
| gtp | [GTP] Incorrect destination TEID=0 (#3043) | 2024-04-06 16:39:32 +09:00 |
| ipfw | [SMF] Added Bi-Directional Flow (#2909) | 2024-02-17 20:43:15 +01:00 |
| metrics | [SEPP] Initial Update for 5G Roaming (#2739) | 2023-11-19 19:34:51 +09:00 |
| nas | [SMF] crash when malformed NAS message (#3132) | 2024-04-13 15:03:09 +09:00 |
| ngap | [MME/AMF] Fixed crash following Handover Request (#3014) | 2024-02-29 23:02:38 +09:00 |
| pfcp | [SMF/UPF] Follow-up on Pull #3137 (Issues #2975) | 2024-04-14 09:19:07 +09:00 |
| proto | UE context transfer (#3052) | 2024-03-21 07:07:25 +09:00 |
| s1ap | [Release-17] Upgrade S1AP/NGAP to v17.3.9 | 2023-02-21 21:48:06 +09:00 |
| sbi | [SEC] Heap overflow in parse PLMN-ID (#3154) | 2024-04-30 22:10:45 +09:00 |
| sctp | [MME] Added log messages to find memory problem | 2024-02-27 21:16:50 +09:00 |
| tun | [ALL] Removing trailing whitespace and tab | 2022-09-02 23:38:39 +09:00 |
| meson.build | [SEPP] Initial Update for 5G Roaming (#2739) | 2023-11-19 19:34:51 +09:00 |