mirror of
https://github.com/open5gs/open5gs.git
synced 2026-05-01 21:00:19 +00:00
769b6d24ac
The AMF could abort when processing malformed or oversized multipart SBI requests due to an assertion triggered in the multipart parser callback. When the parser encountered an overflow condition while assembling multipart part data, `on_part_data()` executed `ogs_assert_if_reached()`, causing the AMF process to terminate. This allowed malformed HTTP/2 multipart requests to trigger a denial-of-service condition. This patch replaces the assertion-based failure with graceful error handling: - Introduce `multipart_part_data_t` and explicit parser state tracking. - Add `parse_error` flag to propagate parsing failures. - Validate the result of `multipart_parser_execute()`. - Reject malformed multipart payloads instead of aborting. - Replace fatal assertions with error handling and proper cleanup. - Add centralized cleanup via `multipart_parser_data_free()`. As a result, malformed or oversized multipart bodies are now rejected with an error, while the AMF process remains operational. Issues: #4290 |
||
|---|---|---|
| .. | ||
| contrib | ||
| custom | ||
| openapi | ||
| support | ||
| client.c | ||
| client.h | ||
| context.c | ||
| context.h | ||
| conv.c | ||
| conv.h | ||
| meson.build | ||
| message.c | ||
| message.h | ||
| mhd-server.c | ||
| nf-sm.c | ||
| nf-sm.h | ||
| nghttp2-server.c | ||
| nnrf-build.c | ||
| nnrf-build.h | ||
| nnrf-handler.c | ||
| nnrf-handler.h | ||
| nnrf-path.c | ||
| nnrf-path.h | ||
| ogs-sbi.h | ||
| path.c | ||
| path.h | ||
| server.c | ||
| server.h | ||
| timer.c | ||
| timer.h | ||
| types.c | ||
| types.h | ||
| yuarel.c | ||
| yuarel.h | ||