forked from acouzens/open5gs
[SEC] fix Assertion `0 < ogs_fadn_parse` (#3207)
parent
4599b273fa
commit
05deed616c
|
@ -518,12 +518,13 @@ ogs_pfcp_pdr_t *ogs_pfcp_handle_create_pdr(ogs_pfcp_sess_t *sess,
|
|||
if (message->pdi.network_instance.presence) {
|
||||
char dnn[OGS_MAX_DNN_LEN+1];
|
||||
|
||||
ogs_assert(0 < ogs_fqdn_parse(dnn,
|
||||
message->pdi.network_instance.data,
|
||||
ogs_min(message->pdi.network_instance.len, OGS_MAX_DNN_LEN)));
|
||||
|
||||
pdr->dnn = ogs_strdup(dnn);
|
||||
ogs_assert(pdr->dnn);
|
||||
if (ogs_fqdn_parse(dnn, message->pdi.network_instance.data,
|
||||
ogs_min(message->pdi.network_instance.len, OGS_MAX_DNN_LEN)) > 0) {
|
||||
pdr->dnn = ogs_strdup(dnn);
|
||||
ogs_assert(pdr->dnn);
|
||||
} else {
|
||||
ogs_error("Invalid pdi.network_instance");
|
||||
}
|
||||
}
|
||||
|
||||
pdr->chid = false;
|
||||
|
@ -855,14 +856,16 @@ ogs_pfcp_pdr_t *ogs_pfcp_handle_update_pdr(ogs_pfcp_sess_t *sess,
|
|||
if (message->pdi.network_instance.presence) {
|
||||
char dnn[OGS_MAX_DNN_LEN+1];
|
||||
|
||||
ogs_assert(0 < ogs_fqdn_parse(dnn,
|
||||
message->pdi.network_instance.data,
|
||||
ogs_min(message->pdi.network_instance.len, OGS_MAX_DNN_LEN)));
|
||||
|
||||
if (pdr->dnn)
|
||||
ogs_free(pdr->dnn);
|
||||
pdr->dnn = ogs_strdup(dnn);
|
||||
ogs_assert(pdr->dnn);
|
||||
if (ogs_fqdn_parse(dnn, message->pdi.network_instance.data,
|
||||
ogs_min(message->pdi.network_instance.len,
|
||||
OGS_MAX_DNN_LEN)) > 0) {
|
||||
if (pdr->dnn)
|
||||
ogs_free(pdr->dnn);
|
||||
pdr->dnn = ogs_strdup(dnn);
|
||||
ogs_assert(pdr->dnn);
|
||||
} else {
|
||||
ogs_error("Invalid pdi.network_instance");
|
||||
}
|
||||
}
|
||||
|
||||
if (message->pdi.local_f_teid.presence) {
|
||||
|
@ -964,13 +967,15 @@ ogs_pfcp_far_t *ogs_pfcp_handle_create_far(ogs_pfcp_sess_t *sess,
|
|||
if (message->forwarding_parameters.network_instance.presence) {
|
||||
char dnn[OGS_MAX_DNN_LEN+1];
|
||||
|
||||
ogs_assert(0 < ogs_fqdn_parse(dnn,
|
||||
if (ogs_fqdn_parse(dnn,
|
||||
message->forwarding_parameters.network_instance.data,
|
||||
ogs_min(message->forwarding_parameters.network_instance.len,
|
||||
OGS_MAX_DNN_LEN)));
|
||||
|
||||
far->dnn = ogs_strdup(dnn);
|
||||
ogs_assert(far->dnn);
|
||||
ogs_min(message->forwarding_parameters.network_instance.len,
|
||||
OGS_MAX_DNN_LEN)) > 0) {
|
||||
far->dnn = ogs_strdup(dnn);
|
||||
ogs_assert(far->dnn);
|
||||
} else {
|
||||
ogs_error("Invalid forwarding_parameters.network_instance");
|
||||
}
|
||||
}
|
||||
|
||||
if (message->forwarding_parameters.outer_header_creation.presence) {
|
||||
|
@ -1069,15 +1074,18 @@ ogs_pfcp_far_t *ogs_pfcp_handle_update_far(ogs_pfcp_sess_t *sess,
|
|||
if (message->update_forwarding_parameters.network_instance.presence) {
|
||||
char dnn[OGS_MAX_DNN_LEN+1];
|
||||
|
||||
ogs_assert(0 < ogs_fqdn_parse(dnn,
|
||||
if (ogs_fqdn_parse(dnn,
|
||||
message->update_forwarding_parameters.network_instance.data,
|
||||
ogs_min(message->update_forwarding_parameters.
|
||||
network_instance.len, OGS_MAX_DNN_LEN)));
|
||||
|
||||
if (far->dnn)
|
||||
ogs_free(far->dnn);
|
||||
far->dnn = ogs_strdup(dnn);
|
||||
ogs_assert(far->dnn);
|
||||
ogs_min(message->update_forwarding_parameters.
|
||||
network_instance.len, OGS_MAX_DNN_LEN)) > 0) {
|
||||
if (far->dnn)
|
||||
ogs_free(far->dnn);
|
||||
far->dnn = ogs_strdup(dnn);
|
||||
ogs_assert(far->dnn);
|
||||
} else {
|
||||
ogs_error("Invalid "
|
||||
"update_forwarding_parameters.network_instance");
|
||||
}
|
||||
}
|
||||
|
||||
if (message->update_forwarding_parameters.
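Review bot: In all four handlers in this file (create/update PDR, create/update FAR) the new `else` branch only logs `Invalid ...network_instance` and then carries on, so a rule whose Network Instance failed to decode is still processed. In the two update paths `pdr->dnn` / `far->dnn` also keeps its previous value. The peer gets no indication that the IE was refused, unlike the N4 session-establishment handler in this same commit, which sets `OGS_PFCP_CAUSE_MANDATORY_IE_INCORRECT` and jumps to cleanup. The signatures and bodies continue outside the hunks, so I cannot see whether a cause output is available; if one is, set it and return early. Otherwise make the fall-through explicit with a comment such as `/* Malformed Network Instance from peer: keep the rule, leave dnn unchanged */`.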
|
||||
|
|
|
@ -173,9 +173,11 @@ int16_t ogs_pfcp_parse_user_plane_ip_resource_info(
|
|||
int len = octet->len - size;
|
||||
if (info->assosi) len--;
|
||||
|
||||
ogs_assert(0 < ogs_fqdn_parse(
|
||||
info->network_instance, (char *)octet->data + size,
|
||||
ogs_min(len, OGS_MAX_APN_LEN)));
|
||||
if (ogs_fqdn_parse(info->network_instance, (char *)octet->data + size,
|
||||
ogs_min(len, OGS_MAX_APN_LEN)) <= 0) {
|
||||
ogs_error("Invalid info->network_instance");
|
||||
info->network_instance[0] = 0;
|
||||
}
|
||||
size += len;
|
||||
}
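Review bot: `len` comes from the peer-supplied `octet->len` (`octet->len - size`, minus one when `info->assosi` is set), and nothing in the visible lines checks that it is positive before it is passed to `ogs_fqdn_parse` and then added with `size += len`. A short IE would reach that addition with a zero or negative value, so a `len <= 0` check belongs before the parse unless one already exists above the hunk. On a failed parse the new code clears `info->network_instance` but still advances `size` and reports nothing to the caller. How to signal the failure depends on the function's return convention, which is outside the hunk. A comment such as `/* Malformed Network Instance: leave it empty and keep decoding the remaining fields */` would at least document that the best-effort behaviour is intended.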
|
||||
|
||||
|
|
|
@ -419,8 +419,8 @@ int ogs_fqdn_parse(char *dst, const char *src, int length)
|
|||
while (i+1 < length) {
|
||||
len = src[i++];
|
||||
if ((j + len + 1) > length) {
|
||||
ogs_error("Invalid FQDN encoding[len:%d] + 1 > length[%d]",
|
||||
len, length);
|
||||
ogs_error("Invalid FQDN encoding[j:%d+len:%d] + 1 > length[%d]",
|
||||
j, len, length);
|
||||
ogs_log_hexdump(OGS_LOG_ERROR, (unsigned char *)src, length);
|
||||
return 0;
|
||||
}
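Review bot: `ogs_fqdn_parse` has no contract comment in the visible lines, and every other change in this commit exists because callers asserted on its result for peer-supplied data. A header comment would prevent that from recurring, e.g. `/* Decodes length-prefixed labels from untrusted input; returns 0 on malformed encoding. Callers must check for > 0 and must not assert. */`. The function starts and ends outside the hunk, so the success return value and the required size of `dst` should be filled in by someone who can see the whole body. It is also worth confirming that `len` is declared with an unsigned type: `src` is `const char *`, and a length byte of 0x80 or above would otherwise go negative in `(j + len + 1) > length`.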
|
||||
|
|
|
@ -332,9 +332,11 @@ void sgsap_handle_paging_request(mme_vlr_t *vlr, ogs_pkbuf_t *pkbuf)
|
|||
nas_mobile_identity_imsi_len = iter->length;
|
||||
break;
|
||||
case SGSAP_IE_VLR_NAME_TYPE:
|
||||
ogs_assert(0 < ogs_fqdn_parse(
|
||||
vlr_name, iter->value,
|
||||
ogs_min(iter->length, SGSAP_IE_VLR_NAME_LEN)));
|
||||
if (ogs_fqdn_parse(vlr_name, iter->value,
|
||||
ogs_min(iter->length, SGSAP_IE_VLR_NAME_LEN)) <= 0) {
|
||||
ogs_error("Invalid VLR-Name");
|
||||
return;
|
||||
}
|
||||
break;
|
||||
case SGSAP_IE_LAI_TYPE:
|
||||
lai = iter->value;
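Review bot: The `return` in the `SGSAP_IE_VLR_NAME_TYPE` case drops the paging request with only a log line, so the VLR receives no answer when the VLR-Name is malformed. The rest of `sgsap_handle_paging_request` is outside the hunk. If it already has a reject or failure path for unusable requests, this branch should go through it rather than returning from inside the IE loop. If dropping without a reply is the intended behaviour, state it at the return, e.g. `/* Malformed VLR-Name: drop the request, no reply is sent */`.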
|
||||
|
|
|
@ -203,6 +203,12 @@ void sgwc_s11_handle_create_session_request(
|
|||
if (req->access_point_name.presence == 0) {
|
||||
ogs_error("No APN");
|
||||
cause_value = OGS_GTP2_CAUSE_MANDATORY_IE_MISSING;
|
||||
} else {
|
||||
if (ogs_fqdn_parse(apn, req->access_point_name.data,
|
||||
ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN)) <= 0) {
|
||||
ogs_error("Invalid APN");
|
||||
cause_value = OGS_GTP2_CAUSE_MANDATORY_IE_INCORRECT;
|
||||
}
|
||||
}
|
||||
if (req->sender_f_teid_for_control_plane.presence == 0) {
|
||||
ogs_error("No Sender F-TEID");
|
||||
|
@ -221,9 +227,6 @@ void sgwc_s11_handle_create_session_request(
|
|||
}
|
||||
|
||||
/* Add Session */
|
||||
ogs_assert(0 < ogs_fqdn_parse(apn,
|
||||
req->access_point_name.data,
|
||||
ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN)));
|
||||
sess = sgwc_sess_find_by_ebi(sgwc_ue,
|
||||
req->bearer_contexts_to_be_created[0].eps_bearer_id.u8);
|
||||
if (sess) {
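Review bot: `ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN)` clamps an over-long APN IE to the buffer size and parses the remaining prefix, so an IE longer than `OGS_MAX_APN_LEN` is never rejected for its length. It either fails on a cut label or, if the cut lands on a label boundary, may decode to a shorter name than the peer sent. Checking the length first makes the outcome explicit: `else if (req->access_point_name.len > OGS_MAX_APN_LEN) { ogs_error("APN too long"); cause_value = OGS_GTP2_CAUSE_MANDATORY_IE_INCORRECT; }`. The same clamp appears at the other `ogs_fqdn_parse` call sites in this commit. As a style point, `} else { if (...) { ... } }` reads more simply as `} else if (...) {`.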
|
||||
|
|
|
@ -1278,7 +1278,14 @@ smf_sess_t *smf_sess_add_by_gtp1_message(ogs_gtp1_message_t *message)
|
|||
if (req->access_point_name.presence == 0) {
|
||||
ogs_error("No APN");
|
||||
return NULL;
|
||||
} else {
|
||||
if (ogs_fqdn_parse(apn, req->access_point_name.data,
|
||||
ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN)) <= 0) {
|
||||
ogs_error("Invalid APN");
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (req->sgsn_address_for_signalling.presence == 0) {
|
||||
ogs_error("No SGSN Address for signalling");
|
||||
return NULL;
|
||||
|
@ -1296,12 +1303,6 @@ smf_sess_t *smf_sess_add_by_gtp1_message(ogs_gtp1_message_t *message)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if ((ogs_fqdn_parse(apn, req->access_point_name.data,
|
||||
ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN+1))) <= 0) {
|
||||
ogs_error("No APN");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ogs_trace("smf_sess_add_by_message() [APN:%s]", apn);
|
||||
|
||||
/*
|
||||
|
@ -1349,15 +1350,18 @@ smf_sess_t *smf_sess_add_by_gtp2_message(ogs_gtp2_message_t *message)
|
|||
if (req->access_point_name.presence == 0) {
|
||||
ogs_error("No APN");
|
||||
return NULL;
|
||||
} else {
|
||||
if (ogs_fqdn_parse(apn, req->access_point_name.data,
|
||||
ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN)) <= 0) {
|
||||
ogs_error("Invalid APN");
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
if (req->rat_type.presence == 0) {
|
||||
ogs_error("No RAT Type");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ogs_assert(0 < ogs_fqdn_parse(apn, req->access_point_name.data,
|
||||
ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN)));
|
||||
|
||||
ogs_trace("smf_sess_add_by_message() [APN:%s]", apn);
|
||||
|
||||
/*
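Review bot: In both `smf_sess_add_by_gtp1_message` and `smf_sess_add_by_gtp2_message` the new "Invalid APN" branch returns `NULL`, exactly like the "No APN" branch above it. The caller therefore cannot tell a missing IE from a malformed one when it picks the cause for the reject. The SGW-C handler in this commit keeps them apart (`MANDATORY_IE_MISSING` versus `MANDATORY_IE_INCORRECT`). The callers are not on this page. If they map `NULL` to a single fixed cause, a comment at these returns, such as `/* caller answers with a generic reject; cause does not distinguish missing from malformed APN */`, would record that limitation. Both function bodies continue outside the hunks.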
|
||||
|
|
|
@ -107,8 +107,12 @@ void upf_n4_handle_session_establishment_request(
|
|||
if (req->apn_dnn.presence) {
|
||||
char apn_dnn[OGS_MAX_DNN_LEN+1];
|
||||
|
||||
ogs_assert(0 < ogs_fqdn_parse(apn_dnn, req->apn_dnn.data,
|
||||
ogs_min(req->apn_dnn.len, OGS_MAX_DNN_LEN)));
|
||||
if (ogs_fqdn_parse(apn_dnn, req->apn_dnn.data,
|
||||
ogs_min(req->apn_dnn.len, OGS_MAX_DNN_LEN)) <= 0) {
|
||||
ogs_error("Invalid APN");
|
||||
cause_value = OGS_PFCP_CAUSE_MANDATORY_IE_INCORRECT;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (sess->apn_dnn)
|
||||
ogs_free(sess->apn_dnn);
|
||||
|
|