sysmocom
/
open5gs
forked from acouzens/open5gs
11
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[NRF] fix the crash for invalid FQDN (#1333)

This commit is contained in:
Sukchan Lee 2022-01-22 09:34:38 +09:00
parent 68407efa16
commit 866ae78f5e
22 changed files with 55 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/core/ogs-3gpp-types.c
View File

@ -327,8 +327,9 @@ int ogs_fqdn_parse(char *dst, char *src, int length)
while (i+1 < length) {
len = src[i++];
if ((j + len + 1) > length) {
ogs_error("Invalid APN encoding[len:%d] + 1 > length[%d]",
ogs_error("Invalid FQDN encoding[len:%d] + 1 > length[%d]",
len, length);
ogs_log_hexdump(OGS_LOG_ERROR, (unsigned char *)src, length);
return 0;
}
memcpy(&dst[j], &src[i], len);

2
lib/nas/5gs/decoder.c
View File

@ -28,7 +28,7 @@
/*******************************************************************************
* This file had been created by nas-message.py script v0.2.0
* Please do not modify this file but regenerate it via script.
* Created on: 2021-10-13 22:57:17.425900 by acetcom
* Created on: 2022-01-22 09:24:09.045630 by acetcom
* from 24501-g41.docx
******************************************************************************/

2
lib/nas/5gs/encoder.c
View File

@ -28,7 +28,7 @@
/*******************************************************************************
* This file had been created by nas-message.py script v0.2.0
* Please do not modify this file but regenerate it via script.
* Created on: 2021-10-13 22:57:17.434442 by acetcom
* Created on: 2022-01-22 09:24:09.053958 by acetcom
* from 24501-g41.docx
******************************************************************************/

14
lib/nas/5gs/ies.c
View File

@ -28,7 +28,7 @@
/*******************************************************************************
* This file had been created by nas-message.py script v0.2.0
* Please do not modify this file but regenerate it via script.
* Created on: 2021-10-13 22:57:17.413540 by acetcom
* Created on: 2022-01-22 09:24:09.032504 by acetcom
* from 24501-g41.docx
******************************************************************************/
@ -135,13 +135,13 @@ int ogs_nas_5gs_decode_dnn(ogs_nas_dnn_t *dnn, ogs_pkbuf_t *pkbuf)
memcpy(dnn, pkbuf->data - size, size);
{
char data_network_name[OGS_MAX_DNN_LEN];
dnn->length = ogs_fqdn_parse(data_network_name, dnn->value, ogs_min(dnn->length, OGS_MAX_DNN_LEN+1));
char data_network_name[OGS_MAX_DNN_LEN+1];
dnn->length = ogs_fqdn_parse(data_network_name, dnn->value, ogs_min(dnn->length, OGS_MAX_DNN_LEN));
if (dnn->length > 0) {
ogs_cpystrn(dnn->value, data_network_name, ogs_min(dnn->length, OGS_MAX_DNN_LEN) + 1);
} else {
ogs_error("UE not APN setting");
}
ogs_cpystrn(dnn->value, data_network_name, ogs_min(dnn->length, OGS_MAX_DNN_LEN)+1);
} else {
ogs_error("UE not APN setting");
}
}
ogs_trace(" DNN - ");

2
lib/nas/5gs/ies.h
View File

@ -28,7 +28,7 @@
/*******************************************************************************
* This file had been created by nas-message.py script v0.2.0
* Please do not modify this file but regenerate it via script.
* Created on: 2021-10-13 22:57:17.411445 by acetcom
* Created on: 2022-01-22 09:24:09.029942 by acetcom
* from 24501-g41.docx
******************************************************************************/

2
lib/nas/5gs/message.h
View File

@ -28,7 +28,7 @@
/*******************************************************************************
* This file had been created by nas-message.py script v0.2.0
* Please do not modify this file but regenerate it via script.
* Created on: 2021-10-13 22:57:17.420408 by acetcom
* Created on: 2022-01-22 09:24:09.040249 by acetcom
* from 24501-g41.docx
******************************************************************************/

2
lib/nas/5gs/support/type-list.py
View File

@ -29,7 +29,7 @@ type_list["Header compression configuration"]["encode"] = \
type_list["DNN"]["decode"] = \
" {\n" \
" char data_network_name[OGS_MAX_DNN_LEN+1];\n" \
" dnn->length = ogs_fqdn_parse(data_network_name, dnn->value, ogs_min(dnn->length, OGS_MAX_DNN_LEN+1));\n" \
" dnn->length = ogs_fqdn_parse(data_network_name, dnn->value, ogs_min(dnn->length, OGS_MAX_DNN_LEN));\n" \
" if (dnn->length > 0) {\n" \
" ogs_cpystrn(dnn->value, data_network_name, ogs_min(dnn->length, OGS_MAX_DNN_LEN)+1);\n" \
" } else {\n" \

2
lib/nas/eps/decoder.c
View File

@ -28,7 +28,7 @@
/*******************************************************************************
* This file had been created by nas-message.py script v0.1.0
* Please do not modify this file but regenerate it via script.
* Created on: 2021-11-15 15:24:45.981268 by acetcom
* Created on: 2022-01-22 09:24:28.380730 by acetcom
* from 24301-g40.docx
******************************************************************************/

2
lib/nas/eps/encoder.c
View File

@ -28,7 +28,7 @@
/*******************************************************************************
* This file had been created by nas-message.py script v0.1.0
* Please do not modify this file but regenerate it via script.
* Created on: 2021-11-15 15:24:45.990017 by acetcom
* Created on: 2022-01-22 09:24:28.390156 by acetcom
* from 24301-g40.docx
******************************************************************************/

4
lib/nas/eps/ies.c
View File

@ -28,7 +28,7 @@
/*******************************************************************************
* This file had been created by nas-message.py script v0.1.0
* Please do not modify this file but regenerate it via script.
* Created on: 2021-11-15 15:24:45.969895 by acetcom
* Created on: 2022-01-22 09:24:28.368722 by acetcom
* from 24301-g40.docx
******************************************************************************/
@ -3014,7 +3014,7 @@ int ogs_nas_eps_decode_access_point_name(ogs_nas_access_point_name_t *access_poi
{
char apn[OGS_MAX_APN_LEN+1];
access_point_name->length = ogs_fqdn_parse(apn, access_point_name->apn, ogs_min(access_point_name->length, OGS_MAX_APN_LEN+1));
access_point_name->length = ogs_fqdn_parse(apn, access_point_name->apn, ogs_min(access_point_name->length, OGS_MAX_APN_LEN));
if (access_point_name->length > 0) {
ogs_cpystrn(access_point_name->apn, apn, ogs_min(access_point_name->length, OGS_MAX_APN_LEN)+1);
} else {

2
lib/nas/eps/ies.h
View File

@ -28,7 +28,7 @@
/*******************************************************************************
* This file had been created by nas-message.py script v0.1.0
* Please do not modify this file but regenerate it via script.
* Created on: 2021-11-15 15:24:45.968168 by acetcom
* Created on: 2022-01-22 09:24:28.366939 by acetcom
* from 24301-g40.docx
******************************************************************************/

2
lib/nas/eps/message.h
View File

@ -28,7 +28,7 @@
/*******************************************************************************
* This file had been created by nas-message.py script v0.1.0
* Please do not modify this file but regenerate it via script.
* Created on: 2021-11-15 15:24:45.975004 by acetcom
* Created on: 2022-01-22 09:24:28.374281 by acetcom
* from 24301-g40.docx
******************************************************************************/

2
lib/nas/eps/support/type-list.py
View File

@ -71,7 +71,7 @@ type_list["Short MAC"]["encode"] = \
type_list["Access point name"]["decode"] = \
" {\n" \
" char apn[OGS_MAX_APN_LEN+1];\n" \
" access_point_name->length = ogs_fqdn_parse(apn, access_point_name->apn, ogs_min(access_point_name->length, OGS_MAX_APN_LEN+1));\n" \
" access_point_name->length = ogs_fqdn_parse(apn, access_point_name->apn, ogs_min(access_point_name->length, OGS_MAX_APN_LEN));\n" \
" if (access_point_name->length > 0) {\n" \
" ogs_cpystrn(access_point_name->apn, apn, ogs_min(access_point_name->length, OGS_MAX_APN_LEN)+1);\n" \
" } else {\n" \

4
lib/pfcp/handler.c
View File

@ -421,7 +421,7 @@ ogs_pfcp_pdr_t *ogs_pfcp_handle_create_pdr(ogs_pfcp_sess_t *sess,
ogs_assert(0 < ogs_fqdn_parse(dnn,
message->pdi.network_instance.data,
ogs_min(message->pdi.network_instance.len, OGS_MAX_DNN_LEN+1)));
ogs_min(message->pdi.network_instance.len, OGS_MAX_DNN_LEN)));
pdr->dnn = ogs_strdup(dnn);
ogs_assert(pdr->dnn);
@ -669,7 +669,7 @@ ogs_pfcp_pdr_t *ogs_pfcp_handle_update_pdr(ogs_pfcp_sess_t *sess,
ogs_assert(0 < ogs_fqdn_parse(dnn,
message->pdi.network_instance.data,
ogs_min(message->pdi.network_instance.len, OGS_MAX_DNN_LEN+1)));
ogs_min(message->pdi.network_instance.len, OGS_MAX_DNN_LEN)));
if (pdr->dnn)
ogs_free(pdr->dnn);

2
lib/pfcp/types.c
View File

@ -175,7 +175,7 @@ int16_t ogs_pfcp_parse_user_plane_ip_resource_info(
ogs_assert(0 < ogs_fqdn_parse(
info->network_instance, (char *)octet->data + size,
ogs_min(len, OGS_MAX_APN_LEN)+1));
ogs_min(len, OGS_MAX_APN_LEN)));
size += len;
}

8
lib/sbi/nnrf-build.c
View File

@ -68,7 +68,9 @@ OpenAPI_nf_profile_t *ogs_nnrf_nfm_build_nf_profile(
ogs_expect_or_return_val(NFProfile->fqdn, NULL);
NFProfile->fqdn[fqdn_len] = 0;
ogs_trace("FQDN[%s]", nf_instance->fqdn);
ogs_debug("NFInstance-FQDN[%s]", nf_instance->fqdn);
ogs_log_hexdump(OGS_LOG_DEBUG,
(unsigned char *)NFProfile->fqdn, fqdn_len);
}
NFProfile->is_priority = true;
@ -188,6 +190,10 @@ OpenAPI_nf_profile_t *ogs_nnrf_nfm_build_nf_profile(
NFService->fqdn = ogs_memdup(fqdn, fqdn_len+1);
ogs_expect_or_return_val(NFService->fqdn, NULL);
NFService->fqdn[fqdn_len] = 0;
ogs_debug("NFService-FQDN[%s]", nf_service->fqdn);
ogs_log_hexdump(OGS_LOG_DEBUG,
(unsigned char *)NFService->fqdn, fqdn_len);
}
IpEndPointList = OpenAPI_list_create();

26
lib/sbi/nnrf-handler.c
View File

@ -247,10 +247,16 @@ bool ogs_sbi_nnrf_handle_nf_profile(ogs_sbi_nf_instance_t *nf_instance,
if (NFProfile->is_heart_beat_timer == true)
nf_instance->time.heartbeat_interval = NFProfile->heart_beat_timer;
if (NFProfile->fqdn)
ogs_assert(0 < ogs_fqdn_parse(
if (NFProfile->fqdn) {
if (ogs_fqdn_parse(
nf_instance->fqdn, NFProfile->fqdn,
ogs_min(strlen(NFProfile->fqdn), OGS_MAX_FQDN_LEN+1)));
ogs_min(strlen(NFProfile->fqdn), OGS_MAX_FQDN_LEN)) > 0) {
/* Nothing : succeeded to parse FQDN */
} else {
ogs_error("ogs_fqdn_parse() failed[%s]", NFProfile->fqdn);
return false;
}
}
if (NFProfile->is_priority == true)
nf_instance->priority = NFProfile->priority;
@ -328,10 +334,16 @@ bool ogs_sbi_nnrf_handle_nf_profile(ogs_sbi_nf_instance_t *nf_instance,
NFServiceVersion->expiry);
}
if (NFService->fqdn)
ogs_assert(0 < ogs_fqdn_parse(
nf_service->fqdn, NFService->fqdn,
ogs_min(strlen(NFService->fqdn), OGS_MAX_FQDN_LEN+1)));
if (NFService->fqdn) {
if (ogs_fqdn_parse(
nf_service->fqdn, NFService->fqdn,
ogs_min(strlen(NFService->fqdn), OGS_MAX_FQDN_LEN)) > 0) {
/* Nothing : succeeded to parse FQDN */
} else {
ogs_error("ogs_fqdn_parse() failed[%s]", NFService->fqdn);
return false;
}
}
OpenAPI_list_for_each(IpEndPointList, node2) {
OpenAPI_ip_end_point_t *IpEndPoint = node2->data;

2
src/bsf/nbsf-handler.c
View File

@ -104,7 +104,7 @@ bool bsf_nbsf_management_handle_pcf_binding(
ogs_assert(0 < ogs_fqdn_parse(
fqdn, RecvPcfBinding->pcf_fqdn,
ogs_min(strlen(RecvPcfBinding->pcf_fqdn),
OGS_MAX_FQDN_LEN+1)));
OGS_MAX_FQDN_LEN)));
if (sess->pcf_fqdn)
ogs_free(sess->pcf_fqdn);

2
src/mme/sgsap-handler.c
View File

@ -288,7 +288,7 @@ void sgsap_handle_paging_request(mme_vlr_t *vlr, ogs_pkbuf_t *pkbuf)
case SGSAP_IE_VLR_NAME_TYPE:
ogs_assert(0 < ogs_fqdn_parse(
vlr_name, iter->value,
ogs_min(iter->length, SGSAP_IE_VLR_NAME_LEN+1)));
ogs_min(iter->length, SGSAP_IE_VLR_NAME_LEN)));
break;
case SGSAP_IE_LAI_TYPE:
lai = iter->value;

2
src/sgwc/s11-handler.c
View File

@ -191,7 +191,7 @@ void sgwc_s11_handle_create_session_request(
/* Add Session */
ogs_assert(0 < ogs_fqdn_parse(apn,
req->access_point_name.data,
ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN+1)));
ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN)));
sess = sgwc_sess_find_by_ebi(sgwc_ue,
req->bearer_contexts_to_be_created.eps_bearer_id.u8);
if (sess) {

2
src/smf/context.c
View File

@ -1037,7 +1037,7 @@ smf_sess_t *smf_sess_add_by_gtp_message(ogs_gtp_message_t *message)
}
ogs_assert(0 < ogs_fqdn_parse(apn, req->access_point_name.data,
ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN+1)));
ogs_min(req->access_point_name.len, OGS_MAX_APN_LEN)));
ogs_trace("smf_sess_add_by_message() [APN:%s]", apn);

2
tests/af/nbsf-handler.c
View File

@ -45,7 +45,7 @@ void af_nbsf_management_handle_pcf_binding(
if (PcfBinding->pcf_fqdn) {
ogs_assert(0 < ogs_fqdn_parse(fqdn, PcfBinding->pcf_fqdn,
ogs_min(strlen(PcfBinding->pcf_fqdn), OGS_MAX_FQDN_LEN+1)));
ogs_min(strlen(PcfBinding->pcf_fqdn), OGS_MAX_FQDN_LEN)));
if (sess->pcf.fqdn)
ogs_free(sess->pcf.fqdn);
sess->pcf.fqdn = ogs_strdup(fqdn);