Potential Missing Array Size Checks Leading to Crashes in e2mgr

Description

Hello, during my testing, I discovered two instances in the e2mgr where missing array size checks could potentially lead to crashes.

 

Missing Check in RicServiceUpdateHandler

The logs related to the first vulnerable site are as follows:

Specifically, in /E2Manager/handlers/rmrmsghandlers/ric_service_update_handler.go, the function Handle does not check the size of RICServiceUpdateIEs before using it, potentially leading to an index out-of-range panic. 

 

 

Missing Array Size Check in E2nodeConfigUpdateNotificationHandler

The logs related to the second vulnerable site are as follows:

 

Here, in /E2Manager/models/e2_node_configuration_update_ack.go, the function NewE2nodeConfigurationUpdateSuccessResponseMessage uses E2nodeConfigurationUpdateIEs without checking its size. 

 

 

Please let me know if any additional information is needed. Thanks for your help!

 

Environment

None
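
The failure mode reported above, as an added example that is not part of the original report and is not e2mgr code. The types `IE` and `ServiceUpdate` and all function names are hypothetical stand-ins for a decoded message whose IE list length is set by the sender; the example shows the unchecked index panicking on an empty list and a length check turning the same input into an error.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for a decoded message; not e2mgr's real types.
type IE struct {
	ID    int
	Value string
}

type ServiceUpdate struct {
	IEs []IE // length is whatever the sender encoded, possibly zero
}

var ErrTooFewIEs = errors.New("message carries fewer IEs than the handler requires")

// uncheckedIE indexes the slice directly, as in the reported pattern.
// On a short slice the Go runtime panics with "index out of range".
func uncheckedIE(m *ServiceUpdate, idx int) string {
	return m.IEs[idx].Value
}

// checkedIE validates the slice length first and rejects short messages
// with an error the caller can log and drop, instead of crashing.
func checkedIE(m *ServiceUpdate, idx int) (string, error) {
	if m == nil || idx < 0 || len(m.IEs) <= idx {
		return "", ErrTooFewIEs
	}
	return m.IEs[idx].Value, nil
}

// panics reports whether f panicked, so both variants can be compared safely.
func panics(f func()) (p bool) {
	defer func() {
		if recover() != nil {
			p = true
		}
	}()
	f()
	return false
}

func main() {
	empty := &ServiceUpdate{} // constructed sample: message with zero IEs
	fmt.Println("unchecked panics:", panics(func() { uncheckedIE(empty, 0) }))
	_, err := checkedIE(empty, 0)
	fmt.Println("checked error:", err)
}
```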

Activity

Himanshu Purohit April 30, 2024 at 12:05 PM

 

Can you/someone from Nokia review the changes?

 

Tianchang Yang April 9, 2024 at 1:33 PM

Hi  

Thank you for your response. Do you know who I can ask to review my changes on Gerrit? If possible, could you tag them? Thank you!

Himanshu Purohit April 9, 2024 at 12:07 PM

Hi  

The condition for checking the length of the slice seems good to me. However, I’m unable to provide a review on Gerrit because I’m not in the list of reviewers.

Tianchang Yang March 28, 2024 at 2:13 PM

Hello  

I have pushed a fix to check for array size. Could you check it out and see if my changes are reasonable? https://gerrit.o-ran-sc.org/r/c/ric-plt/e2mgr/+/12629 

Thanks!

Done


Created January 24, 2024 at 4:20 PM
Updated July 16, 2024 at 2:24 PM
Resolved July 16, 2024 at 2:24 PM