mirror of
https://github.com/open5gs/open5gs.git
synced 2026-04-28 03:19:31 +00:00
3c8178cff1
Replace ogs_assert() checks in ogs_gtp2_parse_tft() with explicit runtime length validation to prevent process abort on malformed TFT/TAD IEs. Previously, insufficient length checks could trigger assertion failures when parsing crafted BearerResourceCommand messages with invalid packet filter content lengths. This allowed a malformed TFT/TAD IE to cause a crash (SIGABRT) in SMF. This patch: - Adds explicit boundary checks before every field access - Validates that content.length does not exceed remaining IE length - Protects component array bounds during parsing - Logs errors and returns current parsed size instead of aborting The function now gracefully rejects malformed input without terminating the process, preventing potential denial-of-service conditions on S5-C interface. No functional change for valid messages. Issues: #4281 |
||
|---|---|---|
| .. | ||
| v1 | ||
| v2 | ||
| context.c | ||
| context.h | ||
| meson.build | ||
| ogs-gtp.h | ||
| path.c | ||
| path.h | ||
| util.c | ||
| util.h | ||
| xact.c | ||
| xact.h | ||