acouzens
/
open5gs
1
0
Fork 1
Code Issues Pull Requests 1 Projects Releases Wiki Activity

[PFCP] Revert Changes 5e18b2b and d21e9aa 

To protect malicious or buggy, we need to check that session context is NULL.
This commit is contained in:
Sukchan Lee 2022-08-04 09:55:17 +09:00
parent cca3027e90
commit f772bf3a62
5 changed files with 72 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/sgwc/pfcp-path.c
View File

@ -378,9 +378,6 @@ int sgwc_pfcp_send_session_report_response(
ogs_pkbuf_t *sxabuf = NULL;
ogs_pfcp_header_t h;
ogs_assert(xact);
xact->local_seid = sess->sgwc_sxa_seid;
memset(&h, 0, sizeof(ogs_pfcp_header_t));
h.type = OGS_PFCP_SESSION_REPORT_RESPONSE_TYPE;
h.seid = sess->sgwu_sxa_seid;

32
src/sgwc/sxa-handler.c
View File

@ -157,7 +157,6 @@ void sgwc_sxa_handle_session_establishment_response(
ogs_debug("Session Establishment Response");
ogs_assert(sess);
ogs_assert(pfcp_xact);
ogs_assert(pfcp_rsp);
ogs_assert(recv_message);
@ -172,6 +171,11 @@ void sgwc_sxa_handle_session_establishment_response(
cause_value = OGS_GTP2_CAUSE_REQUEST_ACCEPTED;
if (!sess) {
ogs_error("No Context");
cause_value = OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND;
}
if (pfcp_rsp->up_f_seid.presence == 0) {
ogs_error("No UP F-SEID");
cause_value = OGS_GTP2_CAUSE_MANDATORY_IE_MISSING;
@ -449,7 +453,6 @@ void sgwc_sxa_handle_session_modification_response(
ogs_debug("Session Modification Response");
ogs_assert(sess);
ogs_assert(pfcp_xact);
ogs_assert(pfcp_rsp);
@ -459,12 +462,31 @@ void sgwc_sxa_handle_session_modification_response(
cause_value = OGS_GTP2_CAUSE_REQUEST_ACCEPTED;
if (flags & OGS_PFCP_MODIFY_SESSION) {
if (!sess) {
ogs_error("No Context");
sess = pfcp_xact->data;
ogs_assert(sess);
cause_value = OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND;
}
sgwc_ue = sess->sgwc_ue;
ogs_assert(sgwc_ue);
} else {
bearer = pfcp_xact->data;
ogs_assert(bearer);
if (!sess) {
ogs_error("No Context");
sess = bearer->sess;
ogs_assert(sess);
cause_value = OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND;
}
sgwc_ue = bearer->sgwc_ue;
ogs_assert(sgwc_ue);
}
@ -1185,12 +1207,16 @@ void sgwc_sxa_handle_session_deletion_response(
ogs_debug("Session Deletion Response");
ogs_assert(sess);
ogs_assert(pfcp_xact);
ogs_assert(pfcp_rsp);
cause_value = OGS_GTP2_CAUSE_REQUEST_ACCEPTED;
if (!sess) {
ogs_error("No Context");
cause_value = OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND;
}
if (pfcp_rsp->cause.presence) {
if (pfcp_rsp->cause.u8 != OGS_PFCP_CAUSE_REQUEST_ACCEPTED) {
ogs_warn("PFCP Cause[%d] : Not Accepted", pfcp_rsp->cause.u8);

14
src/smf/n4-handler.c
View File

@ -255,7 +255,6 @@ void smf_5gc_n4_handle_session_modification_response(
ogs_debug("Session Modification Response [5gc]");
ogs_assert(sess);
ogs_assert(xact);
ogs_assert(rsp);
@ -280,6 +279,11 @@ void smf_5gc_n4_handle_session_modification_response(
status = OGS_SBI_HTTP_STATUS_OK;
if (!sess) {
ogs_error("No Context");
status = OGS_SBI_HTTP_STATUS_NOT_FOUND;
}
if (rsp->cause.presence) {
if (rsp->cause.u8 != OGS_PFCP_CAUSE_REQUEST_ACCEPTED) {
ogs_warn("PFCP Cause [%d] : Not Accepted", rsp->cause.u8);
@ -794,7 +798,6 @@ void smf_epc_n4_handle_session_modification_response(
OGS_LIST(pdr_to_create_list);
ogs_assert(sess);
ogs_assert(xact);
ogs_assert(rsp);
@ -823,6 +826,11 @@ void smf_epc_n4_handle_session_modification_response(
ogs_pfcp_xact_commit(xact);
if (!sess) {
ogs_error("No Context");
return;
}
if (rsp->cause.presence) {
if (rsp->cause.u8 != OGS_PFCP_CAUSE_REQUEST_ACCEPTED) {
ogs_error("PFCP Cause [%d] : Not Accepted", rsp->cause.u8);
@ -1106,7 +1114,7 @@ void smf_n4_handle_session_report_request(
cause_value = OGS_GTP2_CAUSE_REQUEST_ACCEPTED;
if (!sess) {
ogs_warn("No Context");
ogs_error("No Context");
cause_value = OGS_PFCP_CAUSE_SESSION_CONTEXT_NOT_FOUND;
}

3
src/smf/pfcp-path.c
View File

@ -692,9 +692,6 @@ int smf_pfcp_send_session_report_response(
ogs_pkbuf_t *sxabuf = NULL;
ogs_pfcp_header_t h;
ogs_assert(xact);
xact->local_seid = sess->smf_n4_seid;
memset(&h, 0, sizeof(ogs_pfcp_header_t));
h.type = OGS_PFCP_SESSION_REPORT_RESPONSE_TYPE;
h.seid = sess->upf_n4_seid;

34
src/smf/pfcp-sm.c
View File

@ -222,7 +222,22 @@ void smf_pfcp_state_associated(ogs_fsm_t *s, smf_event_t *e)
case OGS_PFCP_SESSION_ESTABLISHMENT_RESPONSE_TYPE:
if (!message->h.seid_presence) ogs_error("No SEID");
ogs_assert(sess);
if (!sess) {
ogs_gtp_xact_t *gtp_xact = xact->assoc_xact;
if (!gtp_xact) {
ogs_error("No associated GTP transaction");
break;
}
if (gtp_xact->gtp_version == 1)
ogs_gtp1_send_error_message(gtp_xact, 0,
OGS_GTP1_CREATE_PDP_CONTEXT_RESPONSE_TYPE,
OGS_GTP1_CAUSE_CONTEXT_NOT_FOUND);
else
ogs_gtp2_send_error_message(gtp_xact, 0,
OGS_GTP2_CREATE_SESSION_RESPONSE_TYPE,
OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND);
break;
}
ogs_fsm_dispatch(&sess->sm, e);
break;
@ -241,7 +256,22 @@ void smf_pfcp_state_associated(ogs_fsm_t *s, smf_event_t *e)
case OGS_PFCP_SESSION_DELETION_RESPONSE_TYPE:
if (!message->h.seid_presence) ogs_error("No SEID");
ogs_assert(sess);
if (!sess) {
ogs_gtp_xact_t *gtp_xact = xact->assoc_xact;
if (!gtp_xact) {
ogs_error("No associated GTP transaction");
break;
}
if (gtp_xact->gtp_version == 1)
ogs_gtp1_send_error_message(gtp_xact, 0,
OGS_GTP1_DELETE_PDP_CONTEXT_RESPONSE_TYPE,
OGS_GTP1_CAUSE_CONTEXT_NOT_FOUND);
else
ogs_gtp2_send_error_message(gtp_xact, 0,
OGS_GTP2_DELETE_SESSION_RESPONSE_TYPE,
OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND);
break;
}
ogs_fsm_dispatch(&sess->sm, e);
break;