mouse07410 / asn1c

The ASN.1 Compiler
http://lionet.info/asn1c/
BSD 2-Clause "Simplified" License

Unable to decode constrained OCTET_STRING in F1AP SetupRequest #118

Open grzegorzniemirowski opened 1 year ago

grzegorzniemirowski commented 1 year ago

In the F1AP ASN there is the following definition of an information element:

RRC-Version-ExtIEs  F1AP-PROTOCOL-EXTENSION ::= {
    {ID id-latest-RRC-Version-Enhanced      CRITICALITY ignore EXTENSION OCTET STRING (SIZE(3))     PRESENCE optional },
    ...
}

The size of this OCTET STRING is not properly processed by asn1c. It is treated as unconstrained. Here is the generated code:

static const long asn_VAL_96_F1AP_id_latest_RRC_Version_Enhanced = 199;
static const long asn_VAL_96_F1AP_ignore = 1;
static const long asn_VAL_96_F1AP_optional = 0;
static const asn_ioc_cell_t asn_IOS_F1AP_RRC_Version_ExtIEs_1_rows[] = {
    { "&id", aioc__value, &asn_DEF_F1AP_ProtocolExtensionID, &asn_VAL_96_F1AP_id_latest_RRC_Version_Enhanced },
    { "&criticality", aioc__value, &asn_DEF_F1AP_Criticality, &asn_VAL_96_F1AP_ignore },
    { "&Extension", aioc__type, &asn_DEF_OCTET_STRING },
    { "&presence", aioc__value, &asn_DEF_F1AP_Presence, &asn_VAL_96_F1AP_optional }
};

There is no sign of the size being constrained to 3 octets. So when this IE is encountered in APER data, the decoder expects a length field which is not there, and the decoding fails.

        Decoding member "extensionValue" in RRC-Version-ExtIEs (constr_SEQUENCE_aper.c:130)
        Getting open type OCTET STRING... (aper_opentype.c:25)
        Aligning 6 bits (aper_support.c:13)
          [PER got  6<=38 bits => span 48 +5[8..40]:40 (32) => 0x0] (asn_bit_data.c:132)
          [PER got  8<=32 bits => span 56 +6[8..32]:03 (24) => 0x3] (asn_bit_data.c:132)
          [PER got 24<=24 bits => span 80 +7[24..24]:0f (0) => 0xf0600] (asn_bit_data.c:132)
        Getting open type OCTET STRING encoded in 3 bytes (aper_opentype.c:50)
            PER Decoding non-extensible size 0 .. 0 bits -1 (OCTET_STRING_aper.c:103)
              [PER got  8<=24 bits => span 8 +0[8..24]:0f (16) => 0xf] (asn_bit_data.c:132)
            Got PER length eb -1, len 15, once (OCTET STRING) (OCTET_STRING_aper.c:182)
            Expanding 15 characters into (0..255):8 (OCTET_STRING.c:257)
        Freeing OCTET STRING as OCTET STRING (OCTET_STRING.c:107)
        Failed decode extensionValue in RRC-Version-ExtIEs (constr_SEQUENCE_aper.c:145)

The example code:

#include <sys/types.h>
#include <stdio.h>
#include "asn_application.h"
#include "asn_internal.h"
#include "F1AP-PDU.h"

uint8_t buf[] = {
        0x00, 0x01, 0x00, 0x80, 0xea, 0x00, 0x00, 0x05,
        0x00, 0x4e, 0x00, 0x02, 0x00, 0x00, 0x00, 0x2a,
        0x00, 0x06, 0x80, 0x08, 0xe5, 0x7c, 0xdb, 0xd7,
        0x00, 0x2d, 0x40, 0x3d, 0x1d, 0x00, 0x45, 0x66,
        0x66, 0x6e, 0x65, 0x74, 0x20, 0x35, 0x64, 0x62,
        0x34, 0x62, 0x62, 0x62, 0x61, 0x20, 0x2d, 0x20,
        0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63,
        0x6b, 0x20, 0x62, 0x72, 0x6f, 0x77, 0x6e, 0x20,
        0x66, 0x6f, 0x78, 0x20, 0x6a, 0x75, 0x6d, 0x70,
        0x73, 0x20, 0x6f, 0x76, 0x65, 0x72, 0x20, 0x61,
        0x20, 0x6c, 0x61, 0x7a, 0x79, 0x20, 0x64, 0x6f,
        0x67, 0x00, 0x2c, 0x00, 0x80, 0x83, 0x00, 0x00,
        0x00, 0x2b, 0x00, 0x7d, 0x48, 0x00, 0x00, 0xf1,
        0x10, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x33,
        0x00, 0x00, 0x01, 0x08, 0x00, 0xf1, 0x10, 0x00,
        0x00, 0x00, 0x83, 0x40, 0x04, 0x00, 0x00, 0x00,
        0x20, 0x41, 0x00, 0x09, 0xe6, 0x88, 0x00, 0x00,
        0x4d, 0x00, 0x27, 0x00, 0x04, 0xde, 0xad, 0xbe,
        0xef, 0x00, 0x03, 0x02, 0x03, 0x28, 0x4a, 0x92,
        0x00, 0x00, 0x0c, 0x20, 0x02, 0x01, 0x01, 0x00,
        0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x1a, 0x42,
        0x13, 0x40, 0x18, 0x00, 0x00, 0x9a, 0x59, 0xc3,
        0x2c, 0xd7, 0xe6, 0x46, 0xe0, 0x80, 0x40, 0x00,
        0x30, 0x01, 0x00, 0x00, 0x82, 0x0c, 0x04, 0x20,
        0x00, 0x00, 0x13, 0x4b, 0x9c, 0x32, 0xcc, 0x89,
        0x94, 0x00, 0x01, 0xc2, 0x9a, 0xfb, 0xc0, 0x09,
        0x0b, 0x85, 0x40, 0x70, 0xe8, 0x04, 0x1e, 0x03,
        0xb0, 0x09, 0x00, 0x40, 0x40, 0x26, 0x3d, 0xa3,
        0x0a, 0x00, 0xab, 0x00, 0x0a, 0x80, 0x00, 0x00,
        0x00, 0xc7, 0x40, 0x03, 0x0f, 0x06, 0x00
};

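int main(void) {
    F1AP_PDU_t *pdu = NULL;
    /* aper_decode_complete() takes a void ** and reports consumed bytes as size_t. */
    asn_dec_rval_t ret = aper_decode_complete(NULL, &asn_DEF_F1AP_PDU, (void **)&pdu, buf, sizeof(buf));
    printf("%zu %d\n", ret.consumed, (int)ret.code);
    /* Release whatever was partially decoded before the failure. */
    ASN_STRUCT_FREE(asn_DEF_F1AP_PDU, pdu);
    return 0;
}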

F1SetupRequest.zip PER encoded F1SetupRequest to be checked on https://www.marben-products.com/decoder-asn1-nr/

38.473-F1AP-16.7.0.asn.zip The F1AP ASN file
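
The mismatch described in the report above, as an added example that is not part of the original issue or of asn1c's code: `aper_octet_string` is a hypothetical helper that decodes the 3-octet open type payload `0f 06 00` from the end of the buffer, once as `SIZE(3)` and once as unconstrained. In the unconstrained case the first content octet is consumed as a length of 15, which overruns the payload, matching the `len 15` line in the debug trace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not asn1c API: decode an APER OCTET STRING that starts
 * on an octet boundary, as an open type payload does.
 * fixed_size > 0 models SIZE(n), n < 64K: no length determinant is present.
 * fixed_size == 0 models no size constraint: a length determinant comes first.
 * Returns the content length and sets *content, or -1 if the input is too
 * short or uses a form this sketch does not handle. */
static long aper_octet_string(const uint8_t *in, size_t in_len,
                              size_t fixed_size, const uint8_t **content) {
    size_t pos = 0, len;
    if (fixed_size > 0) {
        len = fixed_size;
    } else {
        if (in_len < 1) return -1;
        if (in[0] < 0x80) {                 /* short form: 0..127 */
            len = in[pos++];
        } else if (in[0] < 0xC0) {          /* long form: 14-bit length */
            if (in_len < 2) return -1;
            len = ((size_t)(in[0] & 0x3F) << 8) | in[1];
            pos = 2;
        } else {
            return -1;                      /* fragmented form not handled */
        }
    }
    if (len > in_len - pos) return -1;      /* content would overrun payload */
    *content = in + pos;
    return (long)len;
}

/* Open type payload from the end of the report's buffer (after length 0x03). */
static const uint8_t rrc_version_ext[] = { 0x0f, 0x06, 0x00 };

int main(void) {
    const uint8_t *p = NULL;
    long n = aper_octet_string(rrc_version_ext, sizeof rrc_version_ext, 3, &p);
    printf("SIZE(3):       %ld octets\n", n);   /* whole payload is content */
    n = aper_octet_string(rrc_version_ext, sizeof rrc_version_ext, 0, &p);
    printf("unconstrained: %ld\n", n);           /* 0x0f taken as length 15 */
    return 0;
}
```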

ruffyontheweb commented 1 year ago

I have observed this as well. I believe your report identifies the issue with greater clarity, but for completeness I'll link what I documented in the stale vlm fork https://github.com/vlm/asn1c/issues/456

mouse07410 commented 1 year ago

Thanks for reporting it. Any recommendation for a fix?

mouse07410 commented 1 year ago

@ruffyontheweb @grzegorzniemirowski any suggestion for a fix? Or where, in your opinion, the problem is? Scouring through the whole compiler is infeasible for me now.

ruffyontheweb commented 1 year ago

Sorry, none from me.

grzegorzniemirowski commented 1 year ago

I'm sorry, I can't help.