To guard against malicious or buggy behavior, we need to check whether the session context is NULL.
parent
cca3027e90
commit
f772bf3a62
|
@ -378,9 +378,6 @@ int sgwc_pfcp_send_session_report_response(
|
|||
ogs_pkbuf_t *sxabuf = NULL;
|
||||
ogs_pfcp_header_t h;
|
||||
|
||||
ogs_assert(xact);
|
||||
xact->local_seid = sess->sgwc_sxa_seid;
|
||||
|
||||
memset(&h, 0, sizeof(ogs_pfcp_header_t));
|
||||
h.type = OGS_PFCP_SESSION_REPORT_RESPONSE_TYPE;
|
||||
h.seid = sess->sgwu_sxa_seid;
|
||||
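Review bot: `h.seid = sess->sgwu_sxa_seid;` at the end of this hunk still dereferences `sess` unconditionally, while the handlers changed elsewhere in this commit now treat a NULL `sess` as a reachable state. The page has lost its +/- markers, so which three of the nine lines were dropped is inferred from the 9→6 count; if they are the `ogs_assert(xact);` and `xact->local_seid = sess->sgwc_sxa_seid;` lines, the function is left with no precondition check on either pointer. A guard at the top such as `if (!sess) { ogs_error("No Context"); return OGS_ERROR; }` would turn a NULL dereference into a handled error; the callers are outside the hunk, so confirm that none of them reaches this function on its "No Context" path. The same applies to `h.seid = sess->upf_n4_seid;` in smf_pfcp_send_session_report_response, and both function bodies continue past their hunks.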
|
|
|
@ -157,7 +157,6 @@ void sgwc_sxa_handle_session_establishment_response(
|
|||
|
||||
ogs_debug("Session Establishment Response");
|
||||
|
||||
ogs_assert(sess);
|
||||
ogs_assert(pfcp_xact);
|
||||
ogs_assert(pfcp_rsp);
|
||||
ogs_assert(recv_message);
|
||||
|
@ -172,6 +171,11 @@ void sgwc_sxa_handle_session_establishment_response(
|
|||
|
||||
cause_value = OGS_GTP2_CAUSE_REQUEST_ACCEPTED;
|
||||
|
||||
if (!sess) {
|
||||
ogs_error("No Context");
|
||||
cause_value = OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND;
|
||||
}
|
||||
|
||||
if (pfcp_rsp->up_f_seid.presence == 0) {
|
||||
ogs_error("No UP F-SEID");
|
||||
cause_value = OGS_GTP2_CAUSE_MANDATORY_IE_MISSING;
|
||||
|
@ -449,7 +453,6 @@ void sgwc_sxa_handle_session_modification_response(
|
|||
|
||||
ogs_debug("Session Modification Response");
|
||||
|
||||
ogs_assert(sess);
|
||||
ogs_assert(pfcp_xact);
|
||||
ogs_assert(pfcp_rsp);
|
||||
|
||||
|
@ -459,12 +462,31 @@ void sgwc_sxa_handle_session_modification_response(
|
|||
cause_value = OGS_GTP2_CAUSE_REQUEST_ACCEPTED;
|
||||
|
||||
if (flags & OGS_PFCP_MODIFY_SESSION) {
|
||||
if (!sess) {
|
||||
ogs_error("No Context");
|
||||
|
||||
sess = pfcp_xact->data;
|
||||
ogs_assert(sess);
|
||||
|
||||
cause_value = OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND;
|
||||
}
|
||||
|
||||
sgwc_ue = sess->sgwc_ue;
|
||||
ogs_assert(sgwc_ue);
|
||||
|
||||
} else {
|
||||
bearer = pfcp_xact->data;
|
||||
ogs_assert(bearer);
|
||||
|
||||
if (!sess) {
|
||||
ogs_error("No Context");
|
||||
|
||||
sess = bearer->sess;
|
||||
ogs_assert(sess);
|
||||
|
||||
cause_value = OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND;
|
||||
}
|
||||
|
||||
sgwc_ue = bearer->sgwc_ue;
|
||||
ogs_assert(sgwc_ue);
|
||||
}
|
||||
|
@ -1185,12 +1207,16 @@ void sgwc_sxa_handle_session_deletion_response(
|
|||
|
||||
ogs_debug("Session Deletion Response");
|
||||
|
||||
ogs_assert(sess);
|
||||
ogs_assert(pfcp_xact);
|
||||
ogs_assert(pfcp_rsp);
|
||||
|
||||
cause_value = OGS_GTP2_CAUSE_REQUEST_ACCEPTED;
|
||||
|
||||
if (!sess) {
|
||||
ogs_error("No Context");
|
||||
cause_value = OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND;
|
||||
}
|
||||
|
||||
if (pfcp_rsp->cause.presence) {
|
||||
if (pfcp_rsp->cause.u8 != OGS_PFCP_CAUSE_REQUEST_ACCEPTED) {
|
||||
ogs_warn("PFCP Cause[%d] : Not Accepted", pfcp_rsp->cause.u8);
|
||||
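Review bot: In sgwc_sxa_handle_session_modification_response the new `if (!sess)` branches recover the session from `pfcp_xact->data` or `bearer->sess` and then call `ogs_assert(sess)` (plus `ogs_assert(bearer)` in the else branch), so the path taken when the lookup found no context can still end in a process abort. That fallback also trusts a pointer stored when the request was sent; whether a session or bearer can be removed while the transaction is outstanding is not visible here, so the pointer's lifetime should be confirmed before it is dereferenced. Replacing those asserts with a logged exit, e.g. `if (!sess) { ogs_error("No Session in transaction"); return; }` placed after whatever transaction cleanup the function performs outside this hunk, would keep a peer-triggerable condition from stopping the SGW-C. In the establishment and deletion handlers `sess` stays NULL after `cause_value` is set, so the code following those hunks must not touch it before the error reply is sent.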
|
|
|
@ -255,7 +255,6 @@ void smf_5gc_n4_handle_session_modification_response(
|
|||
|
||||
ogs_debug("Session Modification Response [5gc]");
|
||||
|
||||
ogs_assert(sess);
|
||||
ogs_assert(xact);
|
||||
ogs_assert(rsp);
|
||||
|
||||
|
@ -280,6 +279,11 @@ void smf_5gc_n4_handle_session_modification_response(
|
|||
|
||||
status = OGS_SBI_HTTP_STATUS_OK;
|
||||
|
||||
if (!sess) {
|
||||
ogs_error("No Context");
|
||||
status = OGS_SBI_HTTP_STATUS_NOT_FOUND;
|
||||
}
|
||||
|
||||
if (rsp->cause.presence) {
|
||||
if (rsp->cause.u8 != OGS_PFCP_CAUSE_REQUEST_ACCEPTED) {
|
||||
ogs_warn("PFCP Cause [%d] : Not Accepted", rsp->cause.u8);
|
||||
|
@ -794,7 +798,6 @@ void smf_epc_n4_handle_session_modification_response(
|
|||
|
||||
OGS_LIST(pdr_to_create_list);
|
||||
|
||||
ogs_assert(sess);
|
||||
ogs_assert(xact);
|
||||
ogs_assert(rsp);
|
||||
|
||||
|
@ -823,6 +826,11 @@ void smf_epc_n4_handle_session_modification_response(
|
|||
|
||||
ogs_pfcp_xact_commit(xact);
|
||||
|
||||
if (!sess) {
|
||||
ogs_error("No Context");
|
||||
return;
|
||||
}
|
||||
|
||||
if (rsp->cause.presence) {
|
||||
if (rsp->cause.u8 != OGS_PFCP_CAUSE_REQUEST_ACCEPTED) {
|
||||
ogs_error("PFCP Cause [%d] : Not Accepted", rsp->cause.u8);
|
||||
|
@ -1106,7 +1114,7 @@ void smf_n4_handle_session_report_request(
|
|||
cause_value = OGS_GTP2_CAUSE_REQUEST_ACCEPTED;
|
||||
|
||||
if (!sess) {
|
||||
ogs_warn("No Context");
|
||||
ogs_error("No Context");
|
||||
cause_value = OGS_PFCP_CAUSE_SESSION_CONTEXT_NOT_FOUND;
|
||||
}
|
||||
|
||||
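Review bot: In smf_n4_handle_session_report_request `cause_value` is initialised with a GTPv2 constant (`OGS_GTP2_CAUSE_REQUEST_ACCEPTED`) and, on the "No Context" path this hunk touches, overwritten with a PFCP one (`OGS_PFCP_CAUSE_SESSION_CONTEXT_NOT_FOUND`). The two protocols number their causes independently, so any later comparison or response built from this variable (outside the hunk) mixes namespaces. Since the function answers a PFCP Session Report Request, the initial value looks like it should be `cause_value = OGS_PFCP_CAUSE_REQUEST_ACCEPTED;`. Separately, the 5gc and epc modification handlers appear to drop `ogs_assert(sess)` some twenty lines before the new `if (!sess)` check, so the unseen lines in between must not dereference `sess`.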
|
|
|
@ -692,9 +692,6 @@ int smf_pfcp_send_session_report_response(
|
|||
ogs_pkbuf_t *sxabuf = NULL;
|
||||
ogs_pfcp_header_t h;
|
||||
|
||||
ogs_assert(xact);
|
||||
xact->local_seid = sess->smf_n4_seid;
|
||||
|
||||
memset(&h, 0, sizeof(ogs_pfcp_header_t));
|
||||
h.type = OGS_PFCP_SESSION_REPORT_RESPONSE_TYPE;
|
||||
h.seid = sess->upf_n4_seid;
|
||||
|
|
|
@ -222,7 +222,22 @@ void smf_pfcp_state_associated(ogs_fsm_t *s, smf_event_t *e)
|
|||
case OGS_PFCP_SESSION_ESTABLISHMENT_RESPONSE_TYPE:
|
||||
if (!message->h.seid_presence) ogs_error("No SEID");
|
||||
|
||||
ogs_assert(sess);
|
||||
if (!sess) {
|
||||
ogs_gtp_xact_t *gtp_xact = xact->assoc_xact;
|
||||
if (!gtp_xact) {
|
||||
ogs_error("No associated GTP transaction");
|
||||
break;
|
||||
}
|
||||
if (gtp_xact->gtp_version == 1)
|
||||
ogs_gtp1_send_error_message(gtp_xact, 0,
|
||||
OGS_GTP1_CREATE_PDP_CONTEXT_RESPONSE_TYPE,
|
||||
OGS_GTP1_CAUSE_CONTEXT_NOT_FOUND);
|
||||
else
|
||||
ogs_gtp2_send_error_message(gtp_xact, 0,
|
||||
OGS_GTP2_CREATE_SESSION_RESPONSE_TYPE,
|
||||
OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND);
|
||||
break;
|
||||
}
|
||||
ogs_fsm_dispatch(&sess->sm, e);
|
||||
break;
|
||||
|
||||
|
@ -241,7 +256,22 @@ void smf_pfcp_state_associated(ogs_fsm_t *s, smf_event_t *e)
|
|||
case OGS_PFCP_SESSION_DELETION_RESPONSE_TYPE:
|
||||
if (!message->h.seid_presence) ogs_error("No SEID");
|
||||
|
||||
ogs_assert(sess);
|
||||
if (!sess) {
|
||||
ogs_gtp_xact_t *gtp_xact = xact->assoc_xact;
|
||||
if (!gtp_xact) {
|
||||
ogs_error("No associated GTP transaction");
|
||||
break;
|
||||
}
|
||||
if (gtp_xact->gtp_version == 1)
|
||||
ogs_gtp1_send_error_message(gtp_xact, 0,
|
||||
OGS_GTP1_DELETE_PDP_CONTEXT_RESPONSE_TYPE,
|
||||
OGS_GTP1_CAUSE_CONTEXT_NOT_FOUND);
|
||||
else
|
||||
ogs_gtp2_send_error_message(gtp_xact, 0,
|
||||
OGS_GTP2_DELETE_SESSION_RESPONSE_TYPE,
|
||||
OGS_GTP2_CAUSE_CONTEXT_NOT_FOUND);
|
||||
break;
|
||||
}
|
||||
ogs_fsm_dispatch(&sess->sm, e);
|
||||
break;
|
||||
|
||||
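Review bot: Both new `if (!sess)` branches in smf_pfcp_state_associated leave through `break` without any visible release of the PFCP transaction `xact`, whereas smf_epc_n4_handle_session_modification_response in this commit calls `ogs_pfcp_xact_commit(xact);` before its own NULL check. Unless the code after the switch (outside the hunk) handles it, each response that resolves to no session would leave a transaction waiting on its timer, so consider committing before each `break`. The branches also read `xact->assoc_xact` with no NULL test on `xact` in view, and when a GTP transaction is present nothing is logged; an `ogs_error("No Context");` at the top of the branch would keep this path visible to operators, as in the other handlers. The two blocks differ only in their message-type constants and could share one static helper.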
|
|