open5gs/lib/pfcp/context.c at 05ed95d623f1179c6472d454df6e369db97c5ef6

mirror of https://github.com/open5gs/open5gs.git synced 2025-11-22 15:31:16 +00:00

Files

Sukchan Lee 2fbc445d32 [PFCP] Fixed Possible heap buffer overflow (#2585 )

After examining the call stack and reading the source code, I found that
in /lib/core/ogs-pool.h line 152: (pool)->array[i] = i+1;
then in lib/pfcp/context.c line 78: pdr_random_to_index[ogs_pfcp_pdr_teid_pool.array[i]] = i;
ogs_pfcp_pdr_teid_pool.array[i] may exceed the size of pdr_random_to_index, leading to a heap-buffer-overflow.

2023-09-06 07:14:51 +09:00

67 KiB

Raw Blame History

View Raw

67 KiB Raw Blame History

67 KiB

Raw Blame History