From f7cdc2e45e58979f95a907bec91a1d2858de2d83 Mon Sep 17 00:00:00 2001 From: reki9185 Date: Tue, 9 Sep 2025 20:18:26 +0800 Subject: [PATCH 1/5] fix: getSecurityHeaderType --- internal/nas/nas_security/security.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/internal/nas/nas_security/security.go b/internal/nas/nas_security/security.go index 10297f05..c795b77c 100644 --- a/internal/nas/nas_security/security.go +++ b/internal/nas/nas_security/security.go @@ -134,6 +134,11 @@ func Decode(ue *context.AmfUe, accessType models.AccessType, payload []byte, msg = new(nas.Message) msg.ProtocolDiscriminator = payload[0] + + if len(payload) < 2 { + return nil, false, fmt.Errorf("malformed NAS PDU") + } + msg.SecurityHeaderType = nas.GetSecurityHeaderType(payload) & 0x0f ue.NASLog.Traceln("securityHeaderType is ", msg.SecurityHeaderType) if msg.SecurityHeaderType != nas.SecurityHeaderTypePlainNas { // Security protected NAS message @@ -362,6 +367,11 @@ func DecodePlainNasNoIntegrityCheck(payload []byte) (*nas.Message, error) { } msg := new(nas.Message) + + if len(payload) < 2 { + return nil, fmt.Errorf("malformed NAS PDU") + } + msg.SecurityHeaderType = nas.GetSecurityHeaderType(payload) & SecurityHeaderTypeMask if msg.SecurityHeaderType == nas.SecurityHeaderTypeIntegrityProtectedAndCiphered || msg.SecurityHeaderType == nas.SecurityHeaderTypeIntegrityProtectedAndCipheredWithNew5gNasSecurityContext { From c29cd7fbc7b401f12aa60087e8becf5ee740bfd1 Mon Sep 17 00:00:00 2001 From: reki9185 Date: Tue, 9 Sep 2025 20:23:28 +0800 Subject: [PATCH 2/5] fix: golangci-lint --- internal/nas/nas_security/security.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/nas/nas_security/security.go b/internal/nas/nas_security/security.go index c795b77c..9427e353 100644 --- a/internal/nas/nas_security/security.go +++ b/internal/nas/nas_security/security.go @@ -136,8 +136,8 @@ func Decode(ue *context.AmfUe, accessType models.AccessType, payload []byte, msg.ProtocolDiscriminator = payload[0] if len(payload) < 2 { - return nil, false, fmt.Errorf("malformed NAS PDU") - } + return nil, false, fmt.Errorf("malformed NAS PDU") + } msg.SecurityHeaderType = nas.GetSecurityHeaderType(payload) & 0x0f ue.NASLog.Traceln("securityHeaderType is ", msg.SecurityHeaderType) @@ -369,8 +369,8 @@ func DecodePlainNasNoIntegrityCheck(payload []byte) (*nas.Message, error) { msg := new(nas.Message) if len(payload) < 2 { - return nil, fmt.Errorf("malformed NAS PDU") - } + return nil, fmt.Errorf("malformed NAS PDU") + } msg.SecurityHeaderType = nas.GetSecurityHeaderType(payload) & SecurityHeaderTypeMask if msg.SecurityHeaderType == nas.SecurityHeaderTypeIntegrityProtectedAndCiphered || From fe1eaa3535c7d59244124f1add9900e6e935fb2f Mon Sep 17 00:00:00 2001 From: reki9185 Date: Wed, 10 Sep 2025 12:50:23 +0800 Subject: [PATCH 3/5] fix: add comment --- internal/nas/nas_security/security.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/internal/nas/nas_security/security.go b/internal/nas/nas_security/security.go index 9427e353..8a1523a4 100644 --- a/internal/nas/nas_security/security.go +++ b/internal/nas/nas_security/security.go @@ -135,10 +135,6 @@ func Decode(ue *context.AmfUe, accessType models.AccessType, payload []byte, msg = new(nas.Message) msg.ProtocolDiscriminator = payload[0] - if len(payload) < 2 { - return nil, false, fmt.Errorf("malformed NAS PDU") - } - msg.SecurityHeaderType = nas.GetSecurityHeaderType(payload) & 0x0f ue.NASLog.Traceln("securityHeaderType is ", msg.SecurityHeaderType) if msg.SecurityHeaderType != nas.SecurityHeaderTypePlainNas { // Security protected NAS message @@ -368,8 +364,9 @@ func DecodePlainNasNoIntegrityCheck(payload []byte) (*nas.Message, error) { msg := new(nas.Message) + // A plain NAS message must have a minimum length of 2 bytes. if len(payload) < 2 { - return nil, fmt.Errorf("malformed NAS PDU") + return nil, false, fmt.Errorf("NAS payload is too short") } msg.SecurityHeaderType = nas.GetSecurityHeaderType(payload) & SecurityHeaderTypeMask From e55260e178e61c9f3fdeab7845d7950af66ef22f Mon Sep 17 00:00:00 2001 From: reki9185 Date: Wed, 10 Sep 2025 12:54:12 +0800 Subject: [PATCH 4/5] fix: golangci-lint --- internal/nas/nas_security/security.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/nas/nas_security/security.go b/internal/nas/nas_security/security.go index 8a1523a4..f7b7187c 100644 --- a/internal/nas/nas_security/security.go +++ b/internal/nas/nas_security/security.go @@ -366,7 +366,7 @@ func DecodePlainNasNoIntegrityCheck(payload []byte) (*nas.Message, error) { // A plain NAS message must have a minimum length of 2 bytes. if len(payload) < 2 { - return nil, false, fmt.Errorf("NAS payload is too short") + return nil, fmt.Errorf("NAS payload is too short") } msg.SecurityHeaderType = nas.GetSecurityHeaderType(payload) & SecurityHeaderTypeMask From c0ee396f9623be393cbfa794a387dd652fa3929d Mon Sep 17 00:00:00 2001 From: reki9185 Date: Tue, 16 Sep 2025 18:58:27 +0800 Subject: [PATCH 5/5] fix: remove unnecessary newline --- internal/nas/nas_security/security.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/nas/nas_security/security.go b/internal/nas/nas_security/security.go index f7b7187c..95d6d58e 100644 --- a/internal/nas/nas_security/security.go +++ b/internal/nas/nas_security/security.go @@ -134,7 +134,6 @@ func Decode(ue *context.AmfUe, accessType models.AccessType, payload []byte, msg = new(nas.Message) msg.ProtocolDiscriminator = payload[0] - msg.SecurityHeaderType = nas.GetSecurityHeaderType(payload) & 0x0f ue.NASLog.Traceln("securityHeaderType is ", msg.SecurityHeaderType) if msg.SecurityHeaderType != nas.SecurityHeaderTypePlainNas { // Security protected NAS message