Potential Slice Bounds Out-of-Range Panic in Indication Message Processing

[ty3gx]

Hello, we've identified two vulnerabilities that could potentially lead to slice bounds out-of-range panic. These can be triggered by processing unexpected indication messages.

The first one is located at
https://github.com/onosproject/rimedo-ts/blob/v0.1.1/pkg/mho/reader.go#L32

And it can be triggered by an input like
header: &{IndicationHeaderFormat1:cgi:{n_r_cgi:{p_lmnidentity:{value:"&\x84\x13"} n_rcell_identity:{value:{value:"\x01\x00U\x14\x00" len:36}}}}}, message: &{IndicationMessageFormat1:ue_id:{g_nb_ueid:{amf_ue_ngap_id:{value:4294987777} guami:{p_lmnidentity:{value:"\x00\x00\x00"} a_mfregion_id:{value:{value:"\x10" len:8}} a_mfset_id:{value:{value:"\x01\x00" len:10}} a_mfpointer:{value:{value:"\x00" len:6}}} g_nb_cu_ue_f1_ap_id_list:{value:{g_nb_cu_ue_f1_ap_id:{value:80}}} ran_ueid:{value:"\x01\x00\x00\x00\x00\x10\x01\x00"}}} meas_report:{cgi:{n_r_cgi:{p_lmnidentity:{value:"\x01\x00\x00"} n_rcell_identity:{value:{value:"\x10\x01\x00\x00\x10" len:36}}}} rsrp:{value:-65535}}}, e2NodeID: e2:1/5154

The second is located at
https://github.com/onosproject/rimedo-ts/blob/v0.1.1/pkg/mho/reader.go#L14

and can be triggered by an input like:
header: &{IndicationHeaderFormat1:cgi:{n_r_cgi:{p_lmnidentity:{value:"&\x84\x13"} n_rcell_identity:{value:{value:"\x01\x00U\x14\x00" len:36}}}}}, message: &{IndicationMessageFormat1:ue_id:{g_nb_ueid:{amf_ue_ngap_id:{value:4294971393} guami:{p_lmnidentity:{value:"\x00P\x01"} a_mfregion_id:{value:{value:"\x00" len:8}} a_mfset_id:{value:{value:"\x00\x00" len:10}} a_mfpointer:{value:{value:"\x00" len:6}}} ran_ueid:{value:"\x00\x10\x01\x00\n\x10\x01\x00"}}} meas_report:{cgi:{n_r_cgi:{p_lmnidentity:{value:"\x01\x00\n"} n_rcell_identity:{value:{value:"P\x01\x00\x00\x00" len:36}}}} rsrp:{value:-65536}} meas_report:{cgi:{e_utra_cgi:{p_lmnidentity:{value:"\x01\x00\n"} e_utracell_identity:{value:{value:"\x10\x01\x00\x00" len:28}}}} rsrp:{value:-65520}}}, e2NodeID: e2:1/5154

Please let me know if you have any questions or if additional information is needed. Thanks!