Version2.1.4 :AMF stack smashing #1206

Closed
yblog123 opened this issue Oct 18, 2021 · 2 comments
Labels
Housekeeping:ToClose Issues reviewed and closed. Old requests, issues which are not bug, feature or documentation request

Comments

yblog123 commented Oct 18, 2021

When using open5gs version 2.1.4 on an Ubuntu 20.04 system, I found a problem:

When the UE is in the initial registration period, if the length of the MSIN (part of the SUPI) exceeds the normal length by 24 characters, AMF stack smashing will be caused, resulting in denial of AMF service.

I analyzed the causes of this problem:
When open5gs handles the initialUEMessage process, the requested space size is fixed (OGS_MAX_IMSI_BCD_LEN is 15), and the AMF does not verify the length of the SUPI number. This leads to a stack overflow.
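
A length check of the kind the report says is missing, as an added example that is not part of the original issue and is not Open5GS code or the project's fix. The helper name `build_imsi_bcd`, its PLMN/MSIN parameters and the sample digits are assumptions; only `OGS_MAX_IMSI_BCD_LEN` and its value 15 come from the issue.

```c
#include <string.h>

/* Value quoted in the issue; redefined so the example builds on its own. */
#define OGS_MAX_IMSI_BCD_LEN 15

/* Length of s, reading at most max + 1 bytes; returns max + 1 if longer. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n <= max && s[n] != '\0')
        n++;
    return n;
}

/* Hypothetical helper, not an Open5GS function: joins PLMN digits and the
 * UE-supplied MSIN digits into out. Returns 0 on success, -1 if rejected. */
int build_imsi_bcd(char *out, size_t out_size,
                   const char *plmn, const char *msin)
{
    size_t plmn_len, msin_len, i;

    if (!out || out_size == 0 || !plmn || !msin)
        return -1;
    out[0] = '\0'; /* no stale data left behind on rejection */
    plmn_len = bounded_len(plmn, OGS_MAX_IMSI_BCD_LEN);
    msin_len = bounded_len(msin, OGS_MAX_IMSI_BCD_LEN);

    /* Length check before any copy: the step the report says was missing. */
    if (plmn_len + msin_len > OGS_MAX_IMSI_BCD_LEN ||
        plmn_len + msin_len + 1 > out_size)
        return -1;
    /* Digits only; any other byte from the UE is rejected. */
    for (i = 0; i < msin_len; i++)
        if (msin[i] < '0' || msin[i] > '9')
            return -1;

    memcpy(out, plmn, plmn_len);
    memcpy(out + plmn_len, msin, msin_len);
    out[plmn_len + msin_len] = '\0';
    return 0;
}

int main(void)
{
    char imsi[OGS_MAX_IMSI_BCD_LEN + 1];
    /* Constructed inputs: a 10-digit MSIN, and one 24 digits longer. */
    int ok = build_imsi_bcd(imsi, sizeof imsi, "00101", "0123456789");
    int bad = build_imsi_bcd(imsi, sizeof imsi, "00101",
                             "0123456789012345678901234567890123");
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

The oversized MSIN is rejected before any byte is written past the fixed-size buffer, so the registration attempt fails cleanly instead of corrupting the stack.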

@yblog123 yblog123 changed the title Version2.4.1 :AMF stack smashing Version2.1.4 :AMF stack smashing Oct 18, 2021
acetcom added a commit that referenced this issue Oct 19, 2021
When the UE is in initially registered period,
if the length of MSIN(Part of SUPI) exceeds the normal length,
AMF stack smashing will be caused
Member

acetcom commented Oct 19, 2021

@yblog123

I've fixed this issue and updated it to the main branch on github.

Thank you so much!
Sukchan

@pobk pobk added the Housekeeping:ToClose Issues reviewed and closed. Old requests, issues which are not bug, feature or documentation request label Feb 18, 2023
@github-actions

This issue has been closed automatically due to lack of activity. This has been done to try and reduce the amount of noise. Please do not comment any further. The Open5GS Team may choose to re-open this issue if necessary.
