[Bugs] A crafted malformed NGAP message can crash AMF and NGAP decoder #402
Comments
Hi,
by fuzzing
Are open source tools used? If so, please tell me what it is. Thank you very much.
Hi all, may I ask how amf/aper should handle unconstrained integer decoding for 0x00, in your opinion? According to ITU-T X.691, 0x00 should not be an input for aper unconstrained integer decoding:
However, I saw another discussion here and one comment stated that:
In short, we are now considering whether to reject 0x00 as an error, or to accept and decode 0x00 as 0. We would appreciate any comments or further discussion about this case.
I looked at other implementations such as Open5GS and pycrate, but I couldn't find any implementation that treats a 0x00 byte as an error. So, I think that 0x00 can be decoded as 0.
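The two policies discussed in the comments above (reject a zero length, or decode it as 0), as an added Go example that is not free5gc/aper code and not part of the original thread. `DecodeUnconstrainedInt` and its error values are hypothetical names; the input is assumed to be octet-aligned, and fragmented lengths and integers wider than 64 bits are rejected rather than decoded.

```go
package main

import (
	"errors"
	"fmt"
)

var (
	ErrTruncated   = errors.New("input ends before the encoded length is satisfied")
	ErrZeroLength  = errors.New("zero-length unconstrained integer")
	ErrUnsupported = errors.New("fragmented length or integer wider than 64 bits")
)

// DecodeUnconstrainedInt (hypothetical helper) reads a length determinant and
// the two's-complement content octets after it; it returns the value and the
// octets consumed. acceptZero=true decodes a zero length as 0, false rejects it.
func DecodeUnconstrainedInt(buf []byte, acceptZero bool) (int64, int, error) {
	if len(buf) == 0 {
		return 0, 0, ErrTruncated
	}
	n, used := int(buf[0]), 1
	switch {
	case buf[0]&0x80 == 0: // short form 0xxxxxxx: n is already the length
	case buf[0]&0xC0 == 0x80: // two-octet form 10xxxxxx xxxxxxxx
		if len(buf) < 2 {
			return 0, 0, ErrTruncated
		}
		n, used = int(buf[0]&0x3F)<<8|int(buf[1]), 2
	default: // 11xxxxxx: fragmented form, not handled here
		return 0, 0, ErrUnsupported
	}
	switch {
	case n == 0 && acceptZero:
		return 0, used, nil
	case n == 0:
		return 0, 0, ErrZeroLength
	case n > 8:
		return 0, 0, ErrUnsupported
	case len(buf)-used < n: // never slice past the end of the input
		return 0, 0, ErrTruncated
	}
	val := int64(int8(buf[used])) // sign-extend the leading content octet
	for _, b := range buf[used+1 : used+n] {
		val = val<<8 | int64(b)
	}
	return val, used + n, nil
}
func main() {
	fmt.Println(DecodeUnconstrainedInt([]byte{0x00}, false)) // constructed input
}
```

Under either policy, every path returns an error instead of indexing beyond the buffer, so a truncated or zero-length input cannot panic the caller.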
Describe the bug
A crafted malformed NGAP message can crash AMF and NGAP decoder
To Reproduce
Running the program test.go reproduces the NGAP decoder crash:
fisher@ubuntu:~/free5gc/NFs/amf/internal/ngap$ cat test.go
fisher@ubuntu:~/free5gc/NFs/amf/internal/ngap$ go run test.go
When the AMF receives this NGAP message, it will also crash.
Expected behavior
No crash of AMF and NGAP decoder
Environment (please complete the following information):
PCAP File
https://raw.githubusercontent.com/fisherwky/shared/main/crafted_malformed_ngap_message_make_amf_crash.pcap