open5gs/src/smf
Sukchan Lee 2b6369e9d9 [SMF] crash when malformed NAS message (#3132)
A malformed PDU Session Modification Request is sent from UE
after Registration Complete.

```
Crash 1:
04/12 15:00:44.031: [amf] INFO: [imsi-999700000000001:1:11][0:0:NULL] /nsmf-pdusession/v1/sm-contexts/{smContextRef}/modify (../src/amf/nsmf-handler.c:837)
04/12 15:00:46.569: [nas] FATAL: ogs_nas_parse_qos_flow_descriptions: Assertion `descriptions->length' failed. (../lib/nas/5gs/types.c:486)
04/12 15:00:46.569: [core] FATAL: backtrace() returned 11 addresses (../lib/core/ogs-abort.c:37)
../src/smf/../../lib/nas/5gs/libogsnas-5gs.so.2(ogs_nas_parse_qos_flow_descriptions+0x162) [0x7e6e7a5a4e5d]
../src/smf/open5gs-smfd(+0x8c6ec) [0x5dd6c333d6ec]
../src/smf/open5gs-smfd(+0x2d69b) [0x5dd6c32de69b]
../src/smf/../../lib/core/libogscore.so.2(ogs_fsm_dispatch+0x119) [0x7e6e7b216c0c]
../src/smf/open5gs-smfd(+0x288b3) [0x5dd6c32d98b3]
../src/smf/../../lib/core/libogscore.so.2(ogs_fsm_dispatch+0x119) [0x7e6e7b216c0c]
../src/smf/open5gs-smfd(+0xf2d8) [0x5dd6c32c02d8]
../src/smf/../../lib/core/libogscore.so.2(+0x1197a) [0x7e6e7b20797a]
/lib/x86_64-linux-gnu/libc.so.6(+0x94ac3) [0x7e6e7a094ac3]
/lib/x86_64-linux-gnu/libc.so.6(+0x126850) [0x7e6e7a126850]
04/12 15:00:46.613: [app] ERROR: Signal-NUM[17] received (Child status change) (../src/main.c:81)
04/12 15:00:46.613: [sbi] WARNING: [92] HTTP/2 stream 19 was not closed cleanly before end of the underlying stream (../lib/sbi/client.c:626)
04/12 15:00:46.613: [scp] WARNING: response_handler() failed [-1] (../src/scp/sbi-path.c:539)
04/12 15:00:46.613: [amf] ERROR: [1:0] No SmContextUpdateError [500] (../src/amf/nsmf-handler.c:866)
04/12 15:00:46.613: [amf] ERROR: AMF_SESS_CLEAR (../src/amf/amf-sm.c:484)
04/12 15:00:46.613: [amf] INFO: [Removed] Number of AMF-Sessions is now 0 (../src/amf/context.c:2551)
04/12 15:00:50.596: [nrf] WARNING: [c466ec64-f8fe-41ee-a888-194dc4363612] No heartbeat (../src/nrf/nrf-sm.c:260)
04/12 15:00:50.596: [nrf] INFO: [c466ec64-f8fe-41ee-a888-194dc4363612] NF de-registered (../src/nrf/nf-sm.c:205)
04/12 15:00:50.596: [sbi] INFO: [c466ec64-f8fe-41ee-a888-194dc4363612:1] NF removed (../lib/sbi/nnrf-handler.c:750)
04/12 15:00:50.596: [sbi] INFO: [c466ec64-f8fe-41ee-a888-194dc4363612:1] NF removed (../lib/sbi/nnrf-handler.c:750)
04/12 15:00:55.094: [pfcp] WARNING: [10] LOCAL  No Reponse. Give up! for step 1 type 1 peer [127.0.0.4]:8805 (../lib/pfcp/xact.c:599)
04/12 15:00:55.094: [upf] WARNING: No Heartbeat from SMF [127.0.0.4]:8805 (../src/upf/pfcp-sm.c:329)
04/12 15:00:55.094: [upf] INFO: PFCP de-associated [127.0.0.4]:8805 (../src/upf/pfcp-sm.c:199)
04/12 15:01:02.599: [pfcp] WARNING: [11] LOCAL  No Reponse. Give up! for step 1 type 5 peer [127.0.0.4]:8805 (../lib/pfcp/xact.c:599)
04/12 15:01:06.098: [upf] WARNING: Retry to association with peer [127.0.0.4]:8805 failed (../src/upf/pfcp-sm.c:107)

Crash 2:
04/12 15:16:39.748: [amf] INFO: [imsi-999700000000001:1:11][0:0:NULL] /nsmf-pdusession/v1/sm-contexts/{smContextRef}/modify (../src/amf/nsmf-handler.c:837)
04/12 15:16:42.155: [nas] FATAL: ogs_nas_parse_qos_rules: Assertion `size+sizeof(rule->flow.flags) <= length' failed. (../lib/nas/5gs/types.c:961)
04/12 15:16:42.155: [core] FATAL: backtrace() returned 11 addresses (../lib/core/ogs-abort.c:37)
../src/smf/../../lib/nas/5gs/libogsnas-5gs.so.2(ogs_nas_parse_qos_rules+0x12d1) [0x7d1affbd2d72]
../src/smf/open5gs-smfd(+0x8b446) [0x629a57861446]
../src/smf/open5gs-smfd(+0x2d69b) [0x629a5780369b]
../src/smf/../../lib/core/libogscore.so.2(ogs_fsm_dispatch+0x119) [0x7d1affd05c0c]
../src/smf/open5gs-smfd(+0x288b3) [0x629a577fe8b3]
../src/smf/../../lib/core/libogscore.so.2(ogs_fsm_dispatch+0x119) [0x7d1affd05c0c]
../src/smf/open5gs-smfd(+0xf2d8) [0x629a577e52d8]
../src/smf/../../lib/core/libogscore.so.2(+0x1197a) [0x7d1affcf697a]
/lib/x86_64-linux-gnu/libc.so.6(+0x94ac3) [0x7d1afea94ac3]
/lib/x86_64-linux-gnu/libc.so.6(+0x126850) [0x7d1afeb26850]
04/12 15:16:42.199: [sbi] WARNING: [92] HTTP/2 stream 13 was not closed cleanly before end of the underlying stream (../lib/sbi/client.c:626)
04/12 15:16:42.199: [scp] WARNING: response_handler() failed [-1] (../src/scp/sbi-path.c:539)
04/12 15:16:42.199: [app] ERROR: Signal-NUM[17] received (Child status change) (../src/main.c:81)
04/12 15:16:42.200: [amf] ERROR: [1:0] No SmContextUpdateError [500] (../src/amf/nsmf-handler.c:866)
04/12 15:16:42.200: [amf] ERROR: AMF_SESS_CLEAR (../src/amf/amf-sm.c:484)
04/12 15:16:42.200: [amf] INFO: [Removed] Number of AMF-Sessions is now 0 (../src/amf/context.c:2551)
04/12 15:16:49.858: [nrf] WARNING: [23f1aee2-f901-41ee-a488-85a58e1e3420] No heartbeat (../src/nrf/nrf-sm.c:260)
04/12 15:16:49.858: [nrf] INFO: [23f1aee2-f901-41ee-a488-85a58e1e3420] NF de-registered (../src/nrf/nf-sm.c:205)
04/12 15:16:49.859: [sbi] INFO: [23f1aee2-f901-41ee-a488-85a58e1e3420:1] NF removed (../lib/sbi/nnrf-handler.c:750)
04/12 15:16:49.859: [sbi] INFO: [23f1aee2-f901-41ee-a488-85a58e1e3420:1] NF removed (../lib/sbi/nnrf-handler.c:750)
04/12 15:16:59.364: [pfcp] WARNING: [5] LOCAL  No Reponse. Give up! for step 1 type 1 peer [127.0.0.4]:8805 (../lib/pfcp/xact.c:599)
04/12 15:16:59.364: [upf] WARNING: No Heartbeat from SMF [127.0.0.4]:8805 (../src/upf/pfcp-sm.c:329)
04/12 15:16:59.364: [upf] INFO: PFCP de-associated [127.0.0.4]:8805 (../src/upf/pfcp-sm.c:199)
```

So, I've fixed it.
2024-04-13 15:03:09 +09:00
| File | Last commit | Date |
|---|---|---|
| app.c | A minor typo fix (#2707) | 2023-10-28 22:11:58 +09:00 |
| binding.c | Revert "[GTP/PFCP]] incorrect dst TEI=0/SEID=0 (#3043)" | 2024-03-26 08:04:26 +09:00 |
| binding.h | X2 handover with SGW change (#1367, #1459) | 2022-05-12 22:52:36 +09:00 |
| context.c | [MME/AMF] Fixed crash following Handover Request (#3014) | 2024-02-29 23:02:38 +09:00 |
| context.h | [SMF] Initial implementation of Final-Unit-Indication | 2024-04-09 07:13:33 +09:00 |
| event.c | Move src/../nf-sm.[ch] to lib/sbi/nf-sm.[ch] | 2022-08-12 14:03:53 +09:00 |
| event.h | SCP(Model D) is now the default setting. | 2022-10-22 11:26:04 +09:00 |
| fd-path.c | relocation of user-location-info on top level | 2023-05-25 22:42:54 +09:00 |
| fd-path.h | relocation of user-location-info on top level | 2023-05-25 22:42:54 +09:00 |
| gn-build.c | [SMF,MME] Gn: Set Maximum SDU Size QoS field to 1500 | 2024-01-27 07:11:44 +09:00 |
| gn-build.h | Introduce Gn interface (GTPv1C) Support to PGW (#1351) | 2022-02-18 22:23:45 +09:00 |
| gn-handler.c | [SEPP] Initial Update for 5G Roaming (#2739) | 2023-11-19 19:34:51 +09:00 |
| gn-handler.h | [SMF] Integrate session tear down cycle into sess->sm (#1500) | 2022-04-20 21:42:18 +09:00 |
| gsm-build.c | [SEPP] Initial Update for 5G Roaming (#2739) | 2023-11-19 19:34:51 +09:00 |
| gsm-build.h | [SMF] Fixed PTI when PDU Session Reject | 2022-11-07 16:51:51 +09:00 |
| gsm-handler.c | [SMF] crash when malformed NAS message (#3132) | 2024-04-13 15:03:09 +09:00 |
| gsm-handler.h | VoNR added but not tested! | 2021-11-14 21:07:56 +09:00 |
| gsm-sm.c | [SMF] Initial implementation of Final-Unit-Indication | 2024-04-09 07:13:33 +09:00 |
| gtp-path.c | [SMF] Crash SMF when no GTP-C config (#3094) | 2024-03-31 20:25:25 +09:00 |
| gtp-path.h | Reorder smf_gtp_node objects free (#1593) | 2022-06-10 21:08:15 +09:00 |
| gx-handler.c | [SMF] Added Bi-Directional Flow (#2909) | 2024-02-17 20:43:15 +01:00 |
| gx-handler.h | Document Gx interface spec references | 2024-01-25 07:05:33 +09:00 |
| gx-path.c | [SMF] Added Bi-Directional Flow (#2909) | 2024-02-17 20:43:15 +01:00 |
| gy-handler.c | [SMF] Initial implementation of Final-Unit-Indication | 2024-04-09 07:13:33 +09:00 |
| gy-handler.h | [SMF] Gy: Check Multiple-Services-Credit-Control Result-Code in CCA-I | 2024-04-05 21:35:36 +09:00 |
| gy-path.c | [SMF] Initial implementation of Final-Unit-Indication | 2024-04-09 07:13:33 +09:00 |
| init.c | [SEPP] Initial Update for 5G Roaming (#2739) | 2023-11-19 19:34:51 +09:00 |
| meson.build | [NRF] Fixed library load error | 2022-08-26 10:57:11 +09:00 |
| metrics.c | [SBI] Fixed Invalid S-NSSAI format (#2337) | 2023-05-28 21:53:52 +09:00 |
| metrics.h | [SMF] Expose metrics for nr. of PDU session creations | 2023-05-25 21:38:15 +09:00 |
| n4-build.c | [SMF] Build URR at bearer modification | 2024-01-20 08:20:24 +09:00 |
| n4-build.h | [PFCP] Implement the Restoration Indication | 2023-04-16 12:30:36 +09:00 |
| n4-handler.c | [SMF] Initial implementation of Final-Unit-Indication | 2024-04-09 07:13:33 +09:00 |
| n4-handler.h | [SMF] Initial implementation of Final-Unit-Indication | 2024-04-09 07:13:33 +09:00 |
| namf-build.c | [SEPP] Initial Update for 5G Roaming (#2739) | 2023-11-19 19:34:51 +09:00 |
| namf-build.h | VoNR added but not tested! | 2021-11-14 21:07:56 +09:00 |
| namf-handler.c | Include cause in HTTP response ProblemDetails (#3051) | 2024-04-04 23:29:20 +09:00 |
| namf-handler.h | VoNR added but not tested! | 2021-11-14 21:07:56 +09:00 |
| nas-path.c | Move src/../nf-sm.[ch] to lib/sbi/nf-sm.[ch] | 2022-08-12 14:03:53 +09:00 |
| nas-path.h | Use HTTP/2 instead of HTTP/1.1 in 5G Core SBI | 2020-11-26 21:44:37 -05:00 |
| ngap-build.c | [Release-17] Upgrade S1AP/NGAP to v17.3.9 | 2023-02-21 21:48:06 +09:00 |
| ngap-build.h | [SMF] Optimize Session Modification Message | 2022-05-15 23:35:41 +09:00 |
| ngap-handler.c | UPF HA - release/establish new PDU session in CM_IDLE (#2471) | 2023-07-25 22:38:38 +09:00 |
| ngap-handler.h | [5GC] Service Request Race Condition(#1226) | 2021-11-28 20:54:51 +09:00 |
| ngap-path.c | Move src/../nf-sm.[ch] to lib/sbi/nf-sm.[ch] | 2022-08-12 14:03:53 +09:00 |
| ngap-path.h | Use HTTP/2 instead of HTTP/1.1 in 5G Core SBI | 2020-11-26 21:44:37 -05:00 |
| nnrf-handler.c | [SEPP] Initial Update for 5G Roaming (#2739) | 2023-11-19 19:34:51 +09:00 |
| nnrf-handler.h | Move src/../nf-sm.[ch] to lib/sbi/nf-sm.[ch] | 2022-08-12 14:03:53 +09:00 |
| npcf-build.c | [SEPP] Initial Update for 5G Roaming (#2739) | 2023-11-19 19:34:51 +09:00 |
| npcf-build.h | [5GC] Added BSF(Binding Support Function) | 2021-05-29 15:56:12 +09:00 |
| npcf-handler.c | Include cause in HTTP response ProblemDetails (#3051) | 2024-04-04 23:29:20 +09:00 |
| npcf-handler.h | [SMF] On sess. est. fail, don't reply to AMF twice on the same stream | 2023-07-15 23:29:24 +09:00 |
| nsmf-handler.c | [SEPP] Initial Update for 5G Roaming (#2739) | 2023-11-19 19:34:51 +09:00 |
| nsmf-handler.h | Use HTTP/2 instead of HTTP/1.1 in 5G Core SBI | 2020-11-26 21:44:37 -05:00 |
| nudm-build.c | [SEPP] Initial Update for 5G Roaming (#2739) | 2023-11-19 19:34:51 +09:00 |
| nudm-build.h | [SMF] Added SMF registrations (#2514, #2524) | 2023-08-18 20:21:08 +09:00 |
| nudm-handler.c | Include cause in HTTP response ProblemDetails (#3051) | 2024-04-04 23:29:20 +09:00 |
| nudm-handler.h | Use HTTP/2 instead of HTTP/1.1 in 5G Core SBI | 2020-11-26 21:44:37 -05:00 |
| pfcp-path.c | Include cause in HTTP response ProblemDetails (#3051) | 2024-04-04 23:29:20 +09:00 |
| pfcp-path.h | [PFCP] Implement the Restoration Indication | 2023-04-16 12:30:36 +09:00 |
| pfcp-sm.c | [SMF] Initial implementation of Final-Unit-Indication | 2024-04-09 07:13:33 +09:00 |
| s5c-build.c | [SMF] Handle APCO IE in S2b GTPv2C CreateSessionRequest/Response | 2024-02-28 11:40:31 +00:00 |
| s5c-build.h | X2 handover with SGW change (#1367, #1459) | 2022-05-12 22:52:36 +09:00 |
| s5c-handler.c | [SGWC] Fixed crashing when Create Bearer Response occurs after Delete Bearer Response (#3109) | 2024-04-07 22:51:46 +09:00 |
| s5c-handler.h | [GTP] Incorrect destination TEID=0 (#3043) | 2024-04-06 16:39:32 +09:00 |
| s6b-path.c | [SMF] Setup Gy session when creating UE session over S2b interface | 2024-02-28 11:42:33 +00:00 |
| sbi-path.c | Include cause in HTTP response ProblemDetails (#3051) | 2024-04-04 23:29:20 +09:00 |
| sbi-path.h | UPF HA - release/establish new PDU session in CM_IDLE (#2471) | 2023-07-25 22:38:38 +09:00 |
| smf-sm.c | [GTP] Incorrect destination TEID=0 (#3043) | 2024-04-06 16:39:32 +09:00 |
| smf-sm.h | [SMF] Added SMF registrations (#2514, #2524) | 2023-08-18 20:21:08 +09:00 |
| timer.c | [PFCP] Session removal while waiting PFCP reply (#3040) | 2024-03-24 09:50:23 +09:00 |
| timer.h | [PFCP] Session removal while waiting PFCP reply (#3040) | 2024-03-24 09:50:23 +09:00 |