Soumettre #808445: Open5gs PCF v2.7.7 Denial of Serviceinformation

TitreOpen5gs PCF v2.7.7 Denial of Service
Description### Open5GS Release, Revision, or Tag v2.7.7 ### Steps to reproduce ### Description This merged report covers the two confirmed `Npcf_PolicyAuthorization` reachability variants that hit the same crash site: ```c from_str = strstr(&rx_flow->description[strlen("permit in")], "from"); ogs_assert(from_str); ``` at `../lib/proto/types.c:938`. The shared payload shape is the same in both cases: ```text fDescs = ["permit in"] ``` Confirmed reachability variants: 1. `POST /npcf-policyauthorization/v1/app-sessions` 2. `PATCH /npcf-policyauthorization/v1/app-sessions/{appSessionId}` The immediate callers differ, but the crash site and malformed flow-description root cause are identical. ### Root cause - Shared crash site: `../lib/proto/types.c:938` - Root cause family: parser/business-logic mismatch - Create-path caller: `ogs_pcc_rule_install_flow_from_media()` - Update-path caller: `ogs_pcc_rule_num_of_flow_equal_to_media()` - Controlling field: `ascReqData.medComponents[*].medSubComps[*].fDescs[*]` ### Logs ```shell ### Create Reproduction Create an app session with: {"ascReqData":{"medComponents":{"1":{"medSubComps":{"1":{"fDescs":["permit in"]}}}}}} Observed in the confirmed run: 04/11 17:57:24.739: [core] FATAL: flow_rx_to_gx: Assertion `from_str' failed. (../lib/proto/types.c:938) ### Update Reproduction Patch an existing app session with the same malformed flow description: {"ascReqData":{"medComponents":{"1":{"medSubComps":{"1":{"fDescs":["permit in"]}}}}}} Observed in the confirmed run: 04/11 17:58:54.874: [core] FATAL: flow_rx_to_gx: Assertion `from_str' failed. (../lib/proto/types.c:938) ``` ### Expected behaviour PCF should reject malformed `permit in` AF flow descriptions with a normal client error on both create and update routes. ### Observed Behaviour Both create and update reachability variants hit the same `flow_rx_to_gx()` assertion and restart the PCF process. ### eNodeB/gNodeB Not required. ### UE Models and versions Not required.
La source⚠️ https://github.com/open5gs/open5gs/issues/4441
Utilisateur
 LinZiyu (UID 94035)
Soumission20/04/2026 20:38 (il y a 2 mois)
Modérer09/05/2026 09:35 (19 days later)
StatutAccepté
Entrée VulDB362443 [Open5GS jusqu’à 2.7.7 /lib/proto/types.c ogs_pcc_rule_install_flow_from_media déni de service]
Points20

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!