sysmocom
/
open5gs
forked from acouzens/open5gs
11
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[GTP] gtp_message_fuzz: Abrt in ogs_abort 

See below for details.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59414
This commit is contained in:
Sukchan Lee 2023-08-24 22:18:25 +09:00
parent 04f7958420
commit 654fe4010c
3 changed files with 15 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/ogs-tlv-msg.c
View File

@ -689,7 +689,6 @@ static int tlv_parse_compound(void *msg, ogs_tlv_desc_t *parent_desc,
}
if (j == next_desc->length) {
ogs_fatal("Multiple of the same type TLV need more room");
ogs_assert_if_reached();
tlv = tlv->next;
continue;
}

2
src/sgwc/gtp-path.c
View File

@ -80,7 +80,6 @@ static void _gtpv2_c_recv_cb(short when, ogs_socket_t fd, void *data)
ogs_assert(e);
e->gnode = gnode;
} else {
e = sgwc_event_new(SGWC_EVT_S11_MESSAGE);
gnode = ogs_gtp_node_find_by_addr(&sgwc_self()->mme_s11_list, &from);
if (!gnode) {
gnode = ogs_gtp_node_add_by_addr(&sgwc_self()->mme_s11_list, &from);
@ -92,6 +91,7 @@ static void _gtpv2_c_recv_cb(short when, ogs_socket_t fd, void *data)
}
gnode->sock = data;
}
e = sgwc_event_new(SGWC_EVT_S11_MESSAGE);
ogs_assert(e);
e->gnode = gnode;
}

28
src/smf/gtp-path.c
View File

@ -73,20 +73,6 @@ static void _gtpv1v2_c_recv_cb(short when, ogs_socket_t fd, void *data)
ogs_pkbuf_trim(pkbuf, size);
gtp_ver = ((ogs_gtp2_header_t *)pkbuf->data)->version;
switch (gtp_ver) {
case 1:
e = smf_event_new(SMF_EVT_GN_MESSAGE);
break;
case 2:
e = smf_event_new(SMF_EVT_S5C_MESSAGE);
break;
default:
ogs_warn("Rx unexpected GTP version %u", gtp_ver);
ogs_pkbuf_free(pkbuf);
return;
}
gnode = ogs_gtp_node_find_by_addr(&smf_self()->sgw_s5c_list, &from);
if (!gnode) {
gnode = ogs_gtp_node_add_by_addr(&smf_self()->sgw_s5c_list, &from);
@ -100,6 +86,20 @@ static void _gtpv1v2_c_recv_cb(short when, ogs_socket_t fd, void *data)
smf_gtp_node_new(gnode);
smf_metrics_inst_global_inc(SMF_METR_GLOB_GAUGE_GTP_PEERS_ACTIVE);
}
gtp_ver = ((ogs_gtp2_header_t *)pkbuf->data)->version;
switch (gtp_ver) {
case 1:
e = smf_event_new(SMF_EVT_GN_MESSAGE);
break;
case 2:
e = smf_event_new(SMF_EVT_S5C_MESSAGE);
break;
default:
ogs_warn("Rx unexpected GTP version %u", gtp_ver);
ogs_pkbuf_free(pkbuf);
return;
}
ogs_assert(e);
e->gnode = gnode->data_ptr; /* smf_gtp_node_t */
e->pkbuf = pkbuf;