mirror of
https://github.com/open5gs/open5gs.git
synced 2026-04-28 03:19:31 +00:00
ogs_pco_parse() previously relied on ogs_assert() to verify the bounds of Protocol/Container fields while parsing PCO/EPCO data. If the outer PCO/EPCO length was inconsistent with the internal container encoding (e.g., truncated Container-ID, Container-Length, or container data), the assert would trigger and terminate the process.

Because PCO/EPCO is derived from UE-supplied NAS messages (e.g., PDU Session Establishment Request), a malformed EPCO IE could trigger a remote SMF crash, resulting in a denial-of-service condition.

This patch replaces the assert-based bounds checks with explicit runtime validation and returns an error when malformed or truncated PCO/EPCO is detected. The SMF can then reject the request cleanly instead of aborting.

Checks added:

- Validate minimum PCO/EPCO length before accessing header fields
- Verify Container-ID bounds
- Verify Container-Length bounds
- Verify container payload length
- Detect container count overflow beyond OGS_MAX_NUM_OF_PROTOCOL_OR_CONTAINER_ID

With these changes, malformed EPCO inputs are safely rejected and the SMF remains operational.

Issues: #4341
||
|---|---|---|
| .. | ||
| app | ||
| asn1c | ||
| core | ||
| crypt | ||
| dbi | ||
| diameter | ||
| gtp | ||
| ipfw | ||
| metrics | ||
| nas | ||
| ngap | ||
| pfcp | ||
| proto | ||
| s1ap | ||
| sbi | ||
| sctp | ||
| tun | ||
| meson.build | ||
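
The checks listed in the commit message above, sketched as an added example; this is not the Open5GS implementation of ogs_pco_parse(). The names `pco_parse_checked`, `pco_count`, `MAX_IDS` and the sample buffers are hypothetical, and the layout is assumed to be one header octet followed by containers of a 2-octet ID, a 1-octet length and the payload.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_IDS 16 /* assumed stand-in for OGS_MAX_NUM_OF_PROTOCOL_OR_CONTAINER_ID */

typedef struct { uint16_t id; uint8_t len; const uint8_t *data; } pco_id_t;
typedef struct { uint8_t header; int num_ids; pco_id_t ids[MAX_IDS]; } pco_t;

/* Constructed sample inputs (not captured traffic). */
const uint8_t SAMPLE_OK[]    = {0x80, 0x00,0x0d,0x00, 0x80,0x21,0x02,0xaa,0xbb};
const uint8_t SAMPLE_SHORT[] = {0x80, 0x80,0x21,0x04,0xaa}; /* claims 4, has 1 */
const uint8_t SAMPLE_NO_ID[] = {0x80, 0x00};                /* half a Container-ID */
const uint8_t SAMPLE_MANY[1 + 3 * (MAX_IDS + 1)] = {0x80};  /* 17 empty containers */

/* Returns octets consumed, or -1 if the input is malformed or truncated.
 * Every read is preceded by a check against the remaining length, so a bad
 * length field yields an error return instead of an abort or over-read. */
int pco_parse_checked(pco_t *pco, const uint8_t *buf, size_t len)
{
    size_t off = 0;

    if (!pco || !buf || len < 1) return -1;          /* minimum length for header */
    pco->header = buf[off++];
    pco->num_ids = 0;

    while (off < len) {
        pco_id_t *e;
        if (pco->num_ids >= MAX_IDS) return -1;      /* container count overflow */
        if (len - off < 2) return -1;                /* truncated Container-ID */
        e = &pco->ids[pco->num_ids];
        e->id = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        off += 2;
        if (len - off < 1) return -1;                /* truncated Container-Length */
        e->len = buf[off++];
        if (len - off < (size_t)e->len) return -1;   /* truncated container payload */
        e->data = e->len ? buf + off : NULL;         /* points into caller's buffer */
        off += e->len;
        pco->num_ids++;
    }
    return (int)off;
}

/* Convenience wrapper: number of containers parsed, or -1 on rejection. */
int pco_count(const uint8_t *buf, size_t len)
{
    pco_t pco;
    return pco_parse_checked(&pco, buf, len) < 0 ? -1 : pco.num_ids;
}

int main(void) { return pco_count(SAMPLE_OK, sizeof SAMPLE_OK) == 2 ? 0 : 1; }
```

A caller treats -1 as a reason to reject the request, which is the behaviour the commit message describes for the SMF.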