paulmataruso/open5gs
1
0
Fork 0
mirror of https://github.com/open5gs/open5gs.git synced 2025-10-22 23:31:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

[SMF] Fix crash when stream is NULL in smf_state_operational() (#4061)

Browse Source 
During integration tests with a third-party SCP, SMF crashed after
processing the UDM response to a PUT request during UE attachment.
This issue was traced to a missing NULL-check on the `stream` pointer
inside smf_state_operational().

Previously, the code asserted `stream` unconditionally when sending
the HTTP response or PDU session created data. If the SBI stream had
already been removed, the assertion failed, causing SMF to abort.

This patch adds a NULL-check for `stream`. When `stream` is NULL,
an error log is printed instead of asserting. This prevents SMF from
crashing and allows it to continue processing.

Tested with:
- Open5GS v2.7.6-21-g0516e01
- SCP from another vendor (crash reproduced and fixed)
- Open5GS SCP (no crash observed)

Fixes: smf_state_operational() assertion failure at smf-sm.c:1075
This commit is contained in:
Sukchan Lee
2025-09-14 10:56:31 +09:00
parent edfdd3d126
commit 9dbc0cffb5
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/smf/smf-sm.c
View File

@@ -1072,14 +1072,21 @@ void smf_state_operational(ogs_fsm_t *s, smf_event_t *e)
}
if (state == SMF_UECM_STATE_REGISTERED) {
ogs_assert(stream);
ogs_assert(true == ogs_sbi_send_http_status_no_content(stream));
if (stream)
ogs_assert(true ==
ogs_sbi_send_http_status_no_content(stream));
else
ogs_error("Stream has already been removed");
smf_metrics_inst_by_slice_add(
&sess->serving_plmn_id, &sess->s_nssai,
SMF_METR_CTR_SM_PDUSESSIONCREATIONSUCC, 1);
} else if (state == SMF_UECM_STATE_REGISTERED_HR) {
ogs_assert(stream);
smf_sbi_send_pdu_session_created_data(sess, stream);
if (stream)
smf_sbi_send_pdu_session_created_data(sess, stream);
else
ogs_error("Stream has already been removed");
smf_metrics_inst_by_slice_add(
&sess->serving_plmn_id, &sess->s_nssai,
SMF_METR_CTR_SM_PDUSESSIONCREATIONSUCC, 1);