mirror of
https://github.com/open5gs/open5gs.git
synced 2026-04-28 03:19:31 +00:00
2575c49803
and NRF NFProfile validation by adding defensive checks and safer memory handling. Key changes: 1) Prevent client creation without endpoint information - Added error logging when NF instance lacks FQDN/IP endpoint data. - Avoids creating invalid SBI clients with incomplete connectivity info. 2) Enforce query parameter limits - Added explicit bounds check against MAX_NUM_OF_PARAM_IN_QUERY. - Returns HTTP 400 instead of triggering fatal assertion. - Prevents potential DoS via excessive query parameters. 3) Safer HTTP body memory handling - Introduced temporary buffer for malloc/realloc results. - Prevents loss of original pointer on realloc failure. - Returns NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE on overflow. - Improves resilience against large/fragmented payload attacks. 4) Validate NFProfile endpoint presence during registration - Rejects NFProfile lacking FQDN, IPv4, and IPv6 addresses. - Returns HTTP 400 with explicit error message. - Prevents NRF from storing unreachable NF instances. Overall, this patch strengthens SBI stability and protects against resource exhaustion, malformed requests, and invalid NF registrations. Issues: #4243, #4244, #4245 |
||
|---|---|---|
| .. | ||
| app | ||
| asn1c | ||
| core | ||
| crypt | ||
| dbi | ||
| diameter | ||
| gtp | ||
| ipfw | ||
| metrics | ||
| nas | ||
| ngap | ||
| pfcp | ||
| proto | ||
| s1ap | ||
| sbi | ||
| sctp | ||
| tun | ||
| meson.build | ||