# Vulnerability Summary

## Vulnerability Overview

A robustness issue exists in the parsing and construction of Protocol Configuration Options (PCO) within the Open5GS system. When PCO data is malformed, the system triggers an `ogs_assert` failure, causing the SMF process to terminate unconditionally.

## Impact Scope

- Affects all modules utilizing PCO functionality:
  - Generic parser
  - SMF build routines
  - All downstream build paths, including SM, SGM, and SSC modules

## Remediation

Replace `ogs_assert` with conditional checks:

- In `ogs_pco_parse()`, replace `ogs_assert(size == data_len)` with `ogs_expect(size == data_len)`
- In the SMF PCO build functions, replace `ogs_assert(pco_len > 0)` with explicit `if (pco_len 0); + if (pco_len ngtp.ue_pco.data, sess->ngtp.ue_pco.len); + return NULL; + } // src/smf/gsm-build.c - ogs_assert(epco_len > 0); + if (epco_len nas.ue_epco.buffer, sess->nas.ue_epco.length); + goto cleanup; + } // src/smf/ssc-build.c - ogs_assert(pco_len > 0); + if (pco_len ngtp.ue_pco.data, sess->ngtp.ue_pco.len); + goto cleanup; + } - ogs_assert(epco_len > 0); + if (epco_len ngtp.ue_epco.data, sess->ngtp.ue_epco.len); + goto cleanup; + } ```
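
Review bot: The first failure path exits with `return NULL;` while the `src/smf/gsm-build.c` and `src/smf/ssc-build.c` paths use `goto cleanup;`. If that first function allocates anything before the `pco_len` check, the early return leaks it on every malformed request, so either place the check ahead of the allocations or route it through a cleanup label like the other two files. Callers of that function now receive NULL where the assert used to guarantee a result, so confirm each call site checks for it.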
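
The remediation pattern from the overview, as an added example that is not Open5GS code: a small PCO container walker that rejects a length mismatch with an error return where an assert would abort the process. It assumes the container layout from 3GPP TS 24.008 (one header octet, then a 2-octet container ID, a 1-octet length, and the contents); `pco_walk` and `PCO_MAX_IDS` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCO_MAX_IDS 8   /* hypothetical cap chosen for this example */

/* Walks the containers of a PCO value (the octets after IEI and length).
 * Returns the number of containers found, or -1 if the input is malformed.
 * No assert touches a peer-supplied length: a bad message is rejected
 * and the process keeps serving other sessions. */
int pco_walk(const uint8_t *data, size_t data_len, uint16_t ids[PCO_MAX_IDS])
{
    size_t size;
    int n = 0;

    if (data == NULL || data_len < 1)
        return -1;                      /* header octet missing */
    size = 1;                           /* skip ext/configuration-protocol octet */

    while (size < data_len) {
        if (data_len - size < 3)
            return -1;                  /* truncated ID/length header */
        uint16_t id = (uint16_t)((data[size] << 8) | data[size + 1]);
        uint8_t len = data[size + 2];
        size += 3;
        if (len > data_len - size)
            return -1;                  /* contents would run past the buffer */
        if (n == PCO_MAX_IDS)
            return -1;                  /* more containers than we accept */
        ids[n++] = id;
        size += len;
    }
    return n;                           /* loop exit implies size == data_len */
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const uint8_t good[] = { 0x80, 0x00, 0x0d, 0x00, 0x00, 0x0a, 0x00 };
    const uint8_t bad[]  = { 0x80, 0x00, 0x0d, 0x04, 0x08 }; /* len 4, 1 octet left */
    uint16_t ids[PCO_MAX_IDS];

    printf("good: %d\n", pco_walk(good, sizeof good, ids));
    printf("bad:  %d\n", pco_walk(bad, sizeof bad, ids));
    return 0;
}
```

Every length is compared against the octets remaining before it is used, so the `size == data_len` condition holds whenever the function succeeds and never needs to be asserted.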