Valgrind memcheck tool reports an error, of invalid read beyond the
allocated memory.
Function "write_cb()" already allocates (realloc) +1 byte and
null-terminates the data. But the length "conn->size" does not contain
this extra null-terminated byte.
When a copy of the received data is made in "check_multi_info()", it
does not include the null character, resulting in potentially a
non-null terminated string.
Later on when parsing the data, "strlen()" will read beyond the
allocated memory to search for the null character, resulting in an
invalid read.
==1994== Invalid read of size 1
==1994== at 0x484ED24: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1994== by 0x4D3F401: cJSON_ParseWithOpts (cJSON.c:1109)
==1994== by 0x4D3F65C: cJSON_Parse (cJSON.c:1197)
==1994== by 0x4C927DE: parse_json (message.c:913)
==1994== by 0x4C972D8: parse_content (message.c:1790)
==1994== by 0x4C90096: ogs_sbi_parse_response (message.c:589)
==1994== by 0x136431: amf_state_operational (amf-sm.c:248)
...
==1994== Address 0x668371d is 0 bytes after a block of size 253 alloc'd
==1994== at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1994== by 0x5107D7F: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.3.3)
==1994== by 0x510814B: _talloc_memdup (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.3.3)
==1994== by 0x4871568: ogs_talloc_memdup (ogs-strings.c:184)
==1994== by 0x4CA7755: check_multi_info (client.c:475)
...
* [SBI] Fix converting PatchItem to JSON
* [UDR] Add support for endpoint for patching subscription data
Add support for PATCH HTTP method for the following endpoint:
/subscription-data/{ueId}/context-data/amf-3gpp-access
Currently does not change any data in the database.
* [UDM] Add support for endpoint for patching subscription data
Add support for the following endpoint, HTTP PATCH method:
/nudm-uecm/v1/{ueId}/registrations/amf-3gpp-access
The endpoint is used when UE deregisters from the core, and AMF
sends a subscription modification request with "purgeFlag" set.
* [UDM] Add check for same GUAMI when patching subscription data
* [AMF] Send deregistration event to UDM
When UE sends deregistration request, AMF needs to send a
Nudm_UECM_Deregistration request to UDM.
The order of requests is now the following:
- send PDU session release to SMF
- send deregistration event to UDM
- send AM policy control release to PCF
Recent commit re-enabling SBI HTTP/1.1 support
(10bdf39505cf525b95886c140b3c2e82e7427d29) started using libmicrohttpd's
API MHD_create_response_from_buffer_with_free_callback(), which is only
available starting from v0.9.61.
As a result, compilation in xUbuntu 18.04 started failing with errors
about the function not being found, since it ships with libmicrohttpd
v0.9.59.
Depending on 0.9.61 is fine since it's quite old (november 2018) and all
major current distros should for sure have an >= one. Let's simply bump
the version check so that it fails in an informative manner.
According to the following standards the response to the endpoint
/nudm-sdm/${supi}/sm-data should be an array of
SessionManagementSubscriptionData objects, instead of only one object.
TS 29.503 version 16.6.0
TS 29.505 version 16.4.0
UDR now responds to the request with only item in the array.
UDM copies all items as is.
SMF uses only the first item in the array, even if there are more
present.
When connecting to the UPF port for the PFCP protocol (8805) and sending
an association setup request followed by a session establishment request
with a PDI Network Instance set to ‘internet’, it causes a stack corruption
to occur.
So, ogs_fqdn_parse() fixed.