Fixed a crash when slice/session overflow (#1637)
This commit is contained in:
parent
ad159d1755
commit
50be661cf9
|
@ -2057,7 +2057,9 @@ void amf_clear_subscribed_info(amf_ue_t *amf_ue)
|
|||
|
||||
ogs_assert(amf_ue);
|
||||
|
||||
ogs_assert(amf_ue->num_of_slice <= OGS_MAX_NUM_OF_SLICE);
|
||||
for (i = 0; i < amf_ue->num_of_slice; i++) {
|
||||
ogs_assert(amf_ue->slice[i].num_of_session <= OGS_MAX_NUM_OF_SESS);
|
||||
for (j = 0; j < amf_ue->slice[i].num_of_session; j++) {
|
||||
ogs_assert(amf_ue->slice[i].session[j].name);
|
||||
ogs_free(amf_ue->slice[i].session[j].name);
|
||||
|
|
|
@ -1000,6 +1000,11 @@ int gmm_handle_ul_nas_transport(amf_ue_t *amf_ue,
|
|||
|
||||
|
||||
for (i = 0; i < amf_ue->num_of_slice; i++) {
|
||||
if (i >= OGS_MAX_NUM_OF_SLICE) {
|
||||
ogs_warn("Ignore max slice count overflow [%d>=%d]",
|
||||
amf_ue->num_of_slice, OGS_MAX_NUM_OF_SLICE);
|
||||
break;
|
||||
}
|
||||
if (ul_nas_transport->presencemask &
|
||||
OGS_NAS_5GS_UL_NAS_TRANSPORT_S_NSSAI_PRESENT) {
|
||||
ogs_nas_s_nssai_ie_t ie;
|
||||
|
@ -1015,6 +1020,12 @@ int gmm_handle_ul_nas_transport(amf_ue_t *amf_ue,
|
|||
}
|
||||
}
|
||||
for (j = 0; j < amf_ue->allowed_nssai.num_of_s_nssai; j++) {
|
||||
if (j >= OGS_MAX_NUM_OF_SLICE) {
|
||||
ogs_warn("Ignore max slice count overflow [%d>=%d]",
|
||||
amf_ue->allowed_nssai.num_of_s_nssai,
|
||||
OGS_MAX_NUM_OF_SLICE);
|
||||
break;
|
||||
}
|
||||
if (amf_ue->slice[i].s_nssai.sst ==
|
||||
amf_ue->allowed_nssai.s_nssai[j].sst &&
|
||||
amf_ue->slice[i].s_nssai.sd.v ==
|
||||
|
@ -1025,6 +1036,13 @@ int gmm_handle_ul_nas_transport(amf_ue_t *amf_ue,
|
|||
|
||||
for (k = 0;
|
||||
k < amf_ue->slice[i].num_of_session; k++) {
|
||||
if (k >= OGS_MAX_NUM_OF_SESS) {
|
||||
ogs_warn("Ignore max session "
|
||||
"count overflow [%d>=%d]",
|
||||
amf_ue->slice[i].num_of_session,
|
||||
OGS_MAX_NUM_OF_SESS);
|
||||
break;
|
||||
}
|
||||
if (!strcmp(dnn->value,
|
||||
amf_ue->slice[i].session[k].name)) {
|
||||
|
||||
|
|
|
@ -566,7 +566,15 @@ static int hss_ogs_diam_s6a_ulr_cb( struct msg **msg, struct avp *avp,
|
|||
struct avp *pdn_gw_allocation_type;
|
||||
struct avp *vplmn_dynamic_address_allowed;
|
||||
|
||||
ogs_session_t *session = &slice_data->session[i];
|
||||
ogs_session_t *session = NULL;
|
||||
|
||||
if (i >= OGS_MAX_NUM_OF_SESS) {
|
||||
ogs_warn("Ignore max session count overflow [%d>=%d]",
|
||||
slice_data->num_of_session, OGS_MAX_NUM_OF_SESS);
|
||||
break;
|
||||
}
|
||||
|
||||
session = &slice_data->session[i];
|
||||
ogs_assert(session);
|
||||
session->context_identifier = i+1;
|
||||
|
||||
|
|
|
@ -592,7 +592,15 @@ static int hss_ogs_diam_swx_sar_cb( struct msg **msg, struct avp *avp,
|
|||
struct avp *pdn_gw_allocation_type;
|
||||
struct avp *vplmn_dynamic_address_allowed;
|
||||
|
||||
ogs_session_t *session = &slice_data->session[i];
|
||||
ogs_session_t *session = NULL;
|
||||
|
||||
if (i >= OGS_MAX_NUM_OF_SESS) {
|
||||
ogs_warn("Ignore max session count overflow [%d>=%d]",
|
||||
slice_data->num_of_session, OGS_MAX_NUM_OF_SESS);
|
||||
break;
|
||||
}
|
||||
|
||||
session = &slice_data->session[i];
|
||||
ogs_assert(session);
|
||||
session->context_identifier = i+1;
|
||||
|
||||
|
|
|
@ -3281,6 +3281,7 @@ void mme_session_remove_all(mme_ue_t *mme_ue)
|
|||
|
||||
ogs_assert(mme_ue);
|
||||
|
||||
ogs_assert(mme_ue->num_of_session <= OGS_MAX_NUM_OF_SESS);
|
||||
for (i = 0; i < mme_ue->num_of_session; i++) {
|
||||
if (mme_ue->session[i].name)
|
||||
ogs_free(mme_ue->session[i].name);
|
||||
|
@ -3297,6 +3298,7 @@ ogs_session_t *mme_session_find_by_apn(mme_ue_t *mme_ue, char *apn)
|
|||
ogs_assert(mme_ue);
|
||||
ogs_assert(apn);
|
||||
|
||||
ogs_assert(mme_ue->num_of_session <= OGS_MAX_NUM_OF_SESS);
|
||||
for (i = 0; i < mme_ue->num_of_session; i++) {
|
||||
session = &mme_ue->session[i];
|
||||
ogs_assert(session->name);
|
||||
|
@ -3314,6 +3316,7 @@ ogs_session_t *mme_default_session(mme_ue_t *mme_ue)
|
|||
|
||||
ogs_assert(mme_ue);
|
||||
|
||||
ogs_assert(mme_ue->num_of_session <= OGS_MAX_NUM_OF_SESS);
|
||||
for (i = 0; i < mme_ue->num_of_session; i++) {
|
||||
session = &mme_ue->session[i];
|
||||
if (session->context_identifier == mme_ue->context_identifier)
|
||||
|
|
|
@ -913,8 +913,14 @@ static void mme_s6a_ula_cb(void *data, struct msg **msg)
|
|||
*/
|
||||
case OGS_DIAM_S6A_AVP_CODE_APN_CONFIGURATION:
|
||||
{
|
||||
ogs_session_t *session =
|
||||
&slice_data->session[slice_data->num_of_session];
|
||||
ogs_session_t *session = NULL;
|
||||
|
||||
if (slice_data->num_of_session >= OGS_MAX_NUM_OF_SESS) {
|
||||
ogs_warn("Ignore max session count overflow [%d>=%d]",
|
||||
slice_data->num_of_session, OGS_MAX_NUM_OF_SESS);
|
||||
break;
|
||||
}
|
||||
session = &slice_data->session[slice_data->num_of_session];
|
||||
ogs_assert(session);
|
||||
|
||||
/* AVP: 'Service-Selection'(493)
|
||||
|
|
|
@ -1111,7 +1111,7 @@ void mme_s11_handle_release_access_bearers_response(
|
|||
* Check MME-UE Context
|
||||
***********************/
|
||||
if (!mme_ue_from_teid) {
|
||||
ogs_error("No Context in TEID");
|
||||
ogs_error("No Context in TEID [ACTION:%d]", action);
|
||||
}
|
||||
|
||||
/********************
|
||||
|
@ -1123,7 +1123,7 @@ void mme_s11_handle_release_access_bearers_response(
|
|||
|
||||
cause_value = cause->value;
|
||||
if (cause_value != OGS_GTP2_CAUSE_REQUEST_ACCEPTED)
|
||||
ogs_error("GTP Failed [CAUSE:%d]", cause_value);
|
||||
ogs_error("GTP Failed [CAUSE:%d, ACTION:%d]", cause_value, action);
|
||||
}
|
||||
|
||||
/********************
|
||||
|
|
|
@ -67,10 +67,13 @@ void mme_s6a_handle_ula(mme_ue_t *mme_ue,
|
|||
|
||||
mme_session_remove_all(mme_ue);
|
||||
|
||||
mme_ue->num_of_session = slice_data->num_of_session;
|
||||
mme_ue->context_identifier = slice_data->context_identifier;
|
||||
|
||||
for (i = 0; i < slice_data->num_of_session; i++) {
|
||||
if (i >= OGS_MAX_NUM_OF_SESS) {
|
||||
ogs_warn("Ignore max session count overflow [%d>=%d]",
|
||||
slice_data->num_of_session, OGS_MAX_NUM_OF_SESS);
|
||||
break;
|
||||
}
|
||||
|
||||
mme_ue->session[i].name = ogs_strdup(slice_data->session[i].name);
|
||||
ogs_assert(mme_ue->session[i].name);
|
||||
|
||||
|
@ -89,4 +92,7 @@ void mme_s6a_handle_ula(mme_ue_t *mme_ue,
|
|||
memcpy(&mme_ue->session[i].smf_ip, &slice_data->session[i].smf_ip,
|
||||
sizeof(mme_ue->session[i].smf_ip));
|
||||
}
|
||||
|
||||
mme_ue->num_of_session = i;
|
||||
mme_ue->context_identifier = slice_data->context_identifier;
|
||||
}
|
||||
|
|
|
@ -539,13 +539,26 @@ bool udr_nudr_dr_handle_subscription_provisioned(
|
|||
ogs_assert(SubscribedSnssaiInfoList);
|
||||
|
||||
for (i = 0; i < subscription_data.num_of_slice; i++) {
|
||||
if (i >= OGS_MAX_NUM_OF_SLICE) {
|
||||
ogs_warn("Ignore max slice count overflow [%d>=%d]",
|
||||
subscription_data.num_of_slice, OGS_MAX_NUM_OF_SLICE);
|
||||
break;
|
||||
}
|
||||
slice_data = &subscription_data.slice[i];
|
||||
|
||||
DnnInfoList = OpenAPI_list_create();
|
||||
ogs_assert(DnnInfoList);
|
||||
|
||||
for (j = 0; j < slice_data->num_of_session; j++) {
|
||||
ogs_session_t *session = &slice_data->session[j];
|
||||
ogs_session_t *session = NULL;
|
||||
|
||||
if (j >= OGS_MAX_NUM_OF_SESS) {
|
||||
ogs_warn("Ignore max session count overflow [%d>=%d]",
|
||||
slice_data->num_of_session, OGS_MAX_NUM_OF_SESS);
|
||||
break;
|
||||
}
|
||||
|
||||
session = &slice_data->session[j];
|
||||
ogs_assert(session);
|
||||
ogs_assert(session->name);
|
||||
|
||||
|
@ -662,7 +675,15 @@ bool udr_nudr_dr_handle_subscription_provisioned(
|
|||
dnnConfigurationList = OpenAPI_list_create();
|
||||
|
||||
for (i = 0; i < slice_data->num_of_session; i++) {
|
||||
ogs_session_t *session = &slice_data->session[i];
|
||||
ogs_session_t *session = NULL;
|
||||
|
||||
if (i >= OGS_MAX_NUM_OF_SESS) {
|
||||
ogs_warn("Ignore max session count overflow [%d>=%d]",
|
||||
slice_data->num_of_session, OGS_MAX_NUM_OF_SESS);
|
||||
break;
|
||||
}
|
||||
|
||||
session = &slice_data->session[i];
|
||||
ogs_assert(session);
|
||||
ogs_assert(session->name);
|
||||
|
||||
|
@ -1024,7 +1045,15 @@ bool udr_nudr_dr_handle_policy_data(
|
|||
slice_data = &subscription_data.slice[0];
|
||||
|
||||
for (i = 0; i < slice_data->num_of_session; i++) {
|
||||
ogs_session_t *session = &slice_data->session[i];
|
||||
ogs_session_t *session = NULL;
|
||||
|
||||
if (i >= OGS_MAX_NUM_OF_SESS) {
|
||||
ogs_warn("Ignore max session count overflow [%d>=%d]",
|
||||
slice_data->num_of_session, OGS_MAX_NUM_OF_SESS);
|
||||
break;
|
||||
}
|
||||
|
||||
session = &slice_data->session[i];
|
||||
ogs_assert(session);
|
||||
ogs_assert(session->name);
|
||||
|
||||
|
|
Loading…
Reference in New Issue