Submission #808445: Open5gs PCF v2.7.7 Denial of Service (Info)

Title: Open5gs PCF v2.7.7 Denial of Service

Description:

### Open5GS Release, Revision, or Tag
v2.7.7

### Steps to reproduce

### Description
This merged report covers the two confirmed `Npcf_PolicyAuthorization` reachability variants that hit the same crash site:

```c
from_str = strstr(&rx_flow->description[strlen("permit in")], "from");
ogs_assert(from_str);
```

at `../lib/proto/types.c:938`.

The shared payload shape is the same in both cases:

```text
fDescs = ["permit in"]
```

Confirmed reachability variants:

1. `POST /npcf-policyauthorization/v1/app-sessions`
2. `PATCH /npcf-policyauthorization/v1/app-sessions/{appSessionId}`

The immediate callers differ, but the crash site and malformed flow-description root cause are identical.

### Root cause
- Shared crash site: `../lib/proto/types.c:938`
- Root cause family: parser/business-logic mismatch
- Create-path caller: `ogs_pcc_rule_install_flow_from_media()`
- Update-path caller: `ogs_pcc_rule_num_of_flow_equal_to_media()`
- Controlling field: `ascReqData.medComponents[*].medSubComps[*].fDescs[*]`

### Logs
```shell
### Create Reproduction
Create an app session with:
{"ascReqData":{"medComponents":{"1":{"medSubComps":{"1":{"fDescs":["permit in"]}}}}}}
Observed in the confirmed run:
04/11 17:57:24.739: [core] FATAL: flow_rx_to_gx: Assertion `from_str' failed. (../lib/proto/types.c:938)
### Update Reproduction
Patch an existing app session with the same malformed flow description:
{"ascReqData":{"medComponents":{"1":{"medSubComps":{"1":{"fDescs":["permit in"]}}}}}}
Observed in the confirmed run:
04/11 17:58:54.874: [core] FATAL: flow_rx_to_gx: Assertion `from_str' failed. (../lib/proto/types.c:938)
```

### Expected behaviour
PCF should reject malformed `permit in` AF flow descriptions with a normal client error on both create and update routes.

### Observed Behaviour
Both create and update reachability variants hit the same `flow_rx_to_gx()` assertion and restart the PCF process.

### eNodeB/gNodeB
Not required.

### UE Models and versions
Not required.
Source: ⚠️ https://github.com/open5gs/open5gs/issues/4441
User: LinZiyu (UID 94035)
Submitted: 2026-04-20 20:38 (2 months ago)
Moderation: 2026-05-09 09:35 (19 days later)
Status: Accepted
VulDB entry: 362443 [Open5GS up to 2.7.7 /lib/proto/types.c ogs_pcc_rule_install_flow_from_media denial of service]
Points: 20
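
The expected behaviour in the report (reject a malformed `fDescs` entry with a client error instead of reaching `ogs_assert(from_str)`) amounts to validating the string before it is converted. The following is an added sketch in C, not Open5GS code and not the project's fix: `flow_desc_is_wellformed()` is a hypothetical helper, the sample strings are constructed, and it assumes the `permit in|out <proto> from <src> to <dst>` shape of a flow description.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an Open5GS function): returns 0 when desc looks
 * like "permit in|out <proto> from <src> to <dst>", -1 otherwise, so the
 * caller can answer with a client error instead of asserting. */
int flow_desc_is_wellformed(const char *desc)
{
    static const char *prefixes[] = { "permit in ", "permit out " };
    const char *rest = NULL, *from, *to;
    size_t i;

    if (!desc)
        return -1;
    for (i = 0; i < sizeof(prefixes) / sizeof(prefixes[0]); i++) {
        size_t n = strlen(prefixes[i]);
        /* strncmp stops at the NUL, so a short string is never read past its end */
        if (strncmp(desc, prefixes[i], n) == 0) {
            rest = desc + n;
            break;
        }
    }
    if (!rest)
        return -1;      /* covers the bare "permit in" from the report */

    from = strstr(rest, "from ");
    if (!from)
        return -1;      /* the condition ogs_assert(from_str) aborts on */
    to = strstr(from + strlen("from "), " to ");
    if (!to || to == from + strlen("from ") || to[strlen(" to ")] == '\0')
        return -1;      /* source and destination must both be present */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; the first is the payload shape in the report. */
    const char *samples[] = {
        "permit in",
        "permit in ip from 10.0.0.1",
        "permit in ip from 10.0.0.1 to 10.0.0.2",
        "permit out 17 from any to 192.0.2.1 5060",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-45s -> %s\n", samples[i],
               flow_desc_is_wellformed(samples[i]) == 0 ? "accept" : "reject");
    return 0;
}
```

A check of this kind would need to run on both the create and the update route, since the report shows the two callers reaching the same conversion.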
