You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
NF (in this particular case UDR) crashes with a segfault in case that a HTTP2 request is received which contains JSON payload that is not expected. JSON payload was constructed as an JSON array containing JSON object: [ { "amfInstanceId": "xxx", ...}] . But the UDR was expecting JSON payload containing JSON object directly: { "amfInstanceId": "xxx", ...}
Open5GS daemon v2.4.5-71-g694b60f
04/22 06:16:36.333: [app] INFO: Configuration: '/usr/local/etc/open5gs/udr.yaml' (../lib/app/ogs-init.c:129)
04/22 06:16:36.333: [app] INFO: File Logging: '/var/local/log/open5gs/udr.log' (../lib/app/ogs-init.c:132)
04/22 06:16:36.334: [app] INFO: LOG-LEVEL: 'trace' (../lib/app/ogs-init.c:135)
...
04/22 06:16:39.551: [sbi] DEBUG: MAX_CONCURRENT_STREAMS = -1 (../lib/sbi/nghttp2-server.c:720)
04/22 06:16:39.551: [sbi] DEBUG: ENABLE_PUSH = false (../lib/sbi/nghttp2-server.c:722)
0000: 00000604 00000000 00000300 000064 ..............d
04/22 06:16:39.551: [sbi] DEBUG: STREAM added [3] (../lib/sbi/nghttp2-server.c:1078)
04/22 06:16:39.551: [sbi] DEBUG: [PUT] /nudr-dr/v1/subscription-data/imsi-001010000050970/context-data/amf-3gpp-access (../lib/sbi/nghttp2-server.c:770)
04/22 06:16:39.551: [sbi] DEBUG: RECEIVED: 247 (../lib/sbi/nghttp2-server.c:773)
04/22 06:16:39.551: [sbi] DEBUG: [{ "amfInstanceId": "ee230e80-ac15-41ec-a0de-1123e64a0914", "deregCallbackUri": "http://127.0.0.5:7777/namf-callback/v1/imsi-001010000050970/dereg-notify", "guami": { "plmnId": { "mcc": "001", "mnc": "01" }, "amfId": "020040" }, "ratType": "NR" }] (../lib/sbi/nghttp2-server.c:774)
04/22 06:16:39.551: [udr] DEBUG: udr_state_operational(): UDR_EVT_SBI_SERVER (../src/udr/udr-sm.c:52)
[{ "amfInstanceId": "ee230e80-ac15-41ec-a0de-1123e64a0914", "deregCallbackUri": "http://127.0.0.5:7777/namf-callback/v1/imsi-001010000050970/dereg-notify", "guami": { "plmnId": { "mcc": "001", "mnc": "01" }, "amfId": "020040" }, "ratType": "NR" }]
Thread 2 "open5gs-udrd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7faf186a0700 (LWP 13949)]
__strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:102
102 ../sysdeps/x86_64/multiarch/strcmp-avx2.S: No such file or directory.
(gdb) bt
#0 __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:102
#1 0x00007faf1c29394d in get_object_item (object=0x7faf100077c0, name=0x7faf1c4f5bb8 "amfInstanceId", case_sensitive=1) at ../lib/sbi/openapi/external/cJSON.c:1804
#2 0x00007faf1c2939e0 in cJSON_GetObjectItemCaseSensitive (object=0x7faf100077c0, string=0x7faf1c4f5bb8 "amfInstanceId") at ../lib/sbi/openapi/external/cJSON.c:1827
#3 0x00007faf1c2b4fa3 in OpenAPI_amf3_gpp_access_registration_parseFromJSON (amf3_gpp_access_registrationJSON=0x7faf100077c0) at ../lib/sbi/openapi/model/amf3_gpp_access_registration.c:309
#4 0x00007faf1c656acf in parse_json (message=0x7faf1869f8c0, content_type=0x7faf10009fc0 "application/json",
json=0x7faf1000a6e0 "[{ \"amfInstanceId\": \"ee230e80-ac15-41ec-a0de-1123e64a0914\", \"deregCallbackUri\": \"http://127.0.0.5:7777/namf-callback/v1/imsi-001010000050970/dereg-notify\", \"guami\": { \"plmnId\": { \"mcc\": \"001\", \"mnc\": "...) at ../lib/sbi/message.c:1192
#5 0x00007faf1c65988a in parse_content (message=0x7faf1869f8c0, http=0x7faf1898f1e8) at ../lib/sbi/message.c:1753
#6 0x00007faf1c65298d in ogs_sbi_parse_request (message=0x7faf1869f8c0, request=0x7faf1898f178) at ../lib/sbi/message.c:552
#7 0x00005641ff1506a3 in udr_state_operational (s=0x7faf1869fc50, e=0x5641ff453890) at ../src/udr/udr-sm.c:69
#8 0x00007faf1c6d3ae3 in ogs_fsm_dispatch (sm=0x7faf1869fc50, event=0x5641ff453890) at ../lib/core/ogs-fsm.c:62
#9 0x00005641ff14cd80 in udr_main (data=0x0) at ../src/udr/init.c:136
#10 0x00007faf1c6c5639 in thread_worker (arg=0x5641ff4c36b0) at ../lib/core/ogs-thread.c:67
#11 0x00007faf1bfd0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#12 0x00007faf1c12c163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)
The text was updated successfully, but these errors were encountered:
The patch to fix this is simple, but since this is in external library, don't know if it is to be fixed or not. But anyway, NF should not crash on incorrect input.
NF (in this particular case UDR) crashes with a segfault in case that a HTTP2 request is received which contains JSON payload that is not expected. JSON payload was constructed as an JSON array containing JSON object:
[ { "amfInstanceId": "xxx", ...}]
. But the UDR was expecting JSON payload containing JSON object directly:{ "amfInstanceId": "xxx", ...}
The text was updated successfully, but these errors were encountered: