mirror of
https://github.com/open5gs/open5gs.git
synced 2026-04-28 11:29:32 +00:00
6a29f11115
ogs_pco_parse() previously relied on ogs_assert() to verify the bounds of Protocol/Container fields while parsing PCO/EPCO data. If the outer PCO/EPCO length was inconsistent with the internal container encoding (e.g., truncated Container-ID, Container-Length, or container data), the assert would trigger and terminate the process. Because PCO/EPCO is derived from UE-supplied NAS messages (e.g., PDU Session Establishment Request), a malformed EPCO IE could trigger a remote SMF crash, resulting in a denial-of-service condition. This patch replaces the assert-based bounds checks with explicit runtime validation and returns an error when malformed or truncated PCO/EPCO is detected. The SMF can then reject the request cleanly instead of aborting. Checks added: - Validate minimum PCO/EPCO length before accessing header fields - Verify Container-ID bounds - Verify Container-Length bounds - Verify container payload length - Detect container count overflow beyond OGS_MAX_NUM_OF_PROTOCOL_OR_CONTAINER_ID With these changes, malformed EPCO inputs are safely rejected and the SMF remains operational. Issues: #4341 |
||
|---|---|---|
| .. | ||
| conv.c | ||
| conv.h | ||
| event.c | ||
| event.h | ||
| meson.build | ||
| ogs-proto.h | ||
| timer.c | ||
| timer.h | ||
| types.c | ||
| types.h | ||