mirror of
https://github.com/open5gs/open5gs.git
synced 2026-04-28 11:29:32 +00:00
This patch improves robustness of several GTPv1/v2 parsing paths by adding explicit length validation and replacing assert-based checks on network-controlled data with graceful error handling.

Changes include:

- GTPv1 MM Context parser: Add bounds checks for xres_len, autn_len and num_vectors to prevent stack overflows when decoding authentication quintuplets.
- SMF Gn handler: Validate IMEI(SV) IE length before memcpy to prevent heap overflow in smf_ue->imeisv.
- SMF Gn handler: Validate Common Flags IE length before dereferencing to avoid out-of-bounds reads when malformed IE is received.
- GTPv1 ULI parser: Replace ogs_assert-based length checks with proper validation and error return to prevent abort() on truncated User Location Information IE.
- SMF fd-path: Replace assertions on ULI payload presence with runtime checks to avoid process termination on malformed input.

These changes ensure malformed or truncated network messages are handled gracefully instead of triggering process aborts.

||
|---|---|---|
| v1 | ||
| v2 | ||
| context.c | ||
| context.h | ||
| meson.build | ||
| ogs-gtp.h | ||
| path.c | ||
| path.h | ||
| util.c | ||
| util.h | ||
| xact.c | ||
| xact.h | ||