vrr/open5gs
2
0
Fork 0
mirror of https://github.com/open5gs/open5gs.git synced 2026-04-26 10:30:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
mirror of https://github.com/open5gs/open5gs link from https://open5gs.org/ https://open5gs.org
4916 commits 5 branches 75 tags 261 MiB
Find a file
Sukchan Lee 5ab76f2bea lib/sbi: Fix unsafe memory handling in access_handler() 
The HTTP upload handling in access_handler() used ogs_malloc() and
ogs_realloc() results directly assigned to request->http.content and
checked with ogs_assert(). On allocation failure this could abort the
process, leading to a potential denial-of-service condition. The pattern
was similar to the issue previously fixed in on_data_chunk_recv()
(CVE-2022-3299).

This change introduces a temporary pointer for memory allocation and
updates request->http.content only after successful allocation. It also
adds overflow-safe length checks before resizing the buffer and removes
assert-based error handling in favor of graceful failure.

This prevents process termination on allocation failure and aligns the
memory handling logic with the hardened implementation used in
nghttp2-based handlers.

Issues: #4387
2026-04-06 17:42:59 +09:00
.github Update cifuzz 2025-02-04 21:09:20 +09:00
configs [HR] Implement handling of UE-initiated PDU Session Modification (#2194) 2025-06-30 10:07:06 +09:00
debian Release v2.7.7 2026-03-15 20:53:34 +09:00
docker docker: remove deprecated version from docker-compose.yml 2026-02-08 11:55:34 +09:00
docs Release v2.7.7 2026-03-15 20:53:34 +09:00
lib lib/sbi: Fix unsafe memory handling in access_handler() 2026-04-06 17:42:59 +09:00
misc Add roaming type toggle via command line (#4211) 2025-12-23 13:53:53 +09:00
src amf: validate AMF-UE-NGAP-ID range to prevent crash from crafted NGAP messages 2026-04-06 16:16:17 +09:00
subprojects Tested on FreeBSD-14.1-STABLE (#3350) 2024-08-03 21:45:52 +09:00
tests amf/ngap: use ogs_warn for missing RAN UE context 2026-03-15 20:09:43 +09:00
vagrant Tested on FreeBSD-14.1-STABLE (#3350) 2024-08-03 21:45:52 +09:00
webui Release v2.7.7 2026-03-15 20:53:34 +09:00
.clang-tidy [MISC] Add support for static code analysis 2022-07-01 21:38:47 +09:00
.dockerignore [build] Use local sources to build applications (#1583) 2022-06-19 18:18:09 +09:00
.editorconfig editorconfig: new file (#2746) 2023-11-27 22:21:35 +09:00
.gitignore .gitignore: Add install/ dir 2023-10-10 08:03:25 +09:00
LICENSE Change LICENSE to GNU AGPL v3.0 2017-12-18 10:35:54 +09:00
meson.build Release v2.7.7 2026-03-15 20:53:34 +09:00
meson_options.txt [Fuzzing] oss-fuzz support for fuzzing (#2283) 2023-05-05 17:20:11 +09:00
README.md nrf: Fix serving PLMN counter reset on NF register 2026-02-04 20:51:29 +09:00

README.md

Open5GS logo

Getting Started

Please follow the documentation at open5gs.org!

Sponsors

If you find Open5GS useful for work, please consider supporting this Open Source project by Becoming a sponsor. To manage the funding transactions transparently, you can donate through OpenCollective.

sponsors

Community

  • Problem with Open5GS can be filed as issues in this repository.
  • Other topics related to this project are happening on the discussions.
  • Voice and text chat are available in Open5GS's Discord workspace. Use this link to get started.

Contributing

If you're contributing through a pull request to Open5GS project on GitHub, please read the Contributor License Agreement in advance.

License

Support

Technical support and customized services for Open5GS are provided by NewPlane at support@newplane.io.