1
0
forked from rpms/iperf3

Fix CVE-2023-38403

Signed-off-by: Jonathan Wright <jonathan@almalinux.org>
This commit is contained in:
Jonathan Wright 2023-07-18 10:04:03 -05:00
parent 9c29c0b23f
commit 0f514ae632
2 changed files with 50 additions and 1 deletions

View File

@ -0,0 +1,44 @@
From 41f5129d402bcd14ec4d2cde875203ab51076352 Mon Sep 17 00:00:00 2001
From: "Bruce A. Mah" <bmah@es.net>
Date: Fri, 7 Jul 2023 11:03:43 -0700
Subject: [PATCH] Fix memory allocation hazard (#1542).
Reported by: @someusername123 on GitHub
---
src/iperf_api.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/iperf_api.c b/src/iperf_api.c
index f2d416214..a95e02418 100644
--- a/src/iperf_api.c
+++ b/src/iperf_api.c
@@ -2670,6 +2670,7 @@ static cJSON *
JSON_read(int fd)
{
uint32_t hsize, nsize;
+ size_t strsize;
char *str;
cJSON *json = NULL;
int rc;
@@ -2682,7 +2683,9 @@ JSON_read(int fd)
if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) {
hsize = ntohl(nsize);
/* Allocate a buffer to hold the JSON */
- str = (char *) calloc(sizeof(char), hsize+1); /* +1 for trailing null */
+ strsize = hsize + 1; /* +1 for trailing NULL */
+ if (strsize) {
+ str = (char *) calloc(sizeof(char), strsize);
if (str != NULL) {
rc = Nread(fd, str, hsize, Ptcp);
if (rc >= 0) {
@@ -2701,6 +2704,10 @@ JSON_read(int fd)
}
}
free(str);
+ }
+ else {
+ printf("WARNING: Data length overflow\n");
+ }
}
return json;
}

View File

@ -1,11 +1,13 @@
Name: iperf3
Version: 3.9
Release: 9%{?dist}
Release: 9.1.alma%{?dist}
Summary: Measurement tool for TCP/UDP bandwidth performance
License: BSD
URL: https://github.com/esnet/iperf
Source0: https://github.com/esnet/iperf/archive/%{version}.tar.gz
# https://patch-diff.githubusercontent.com/raw/esnet/iperf/pull/1543.patch
Patch: cve-2023-38403.patch
BuildRequires: libuuid-devel
BuildRequires: gcc
BuildRequires: lksctp-tools-devel
@ -52,6 +54,9 @@ rm -f %{buildroot}%{_libdir}/libiperf.la
%{_libdir}/*.so
%changelog
* Tue Jul 18 2023 Jonathan Wright <jonathan@almalinux.org> - 3.9-9.1.alma
- Fix CVE-2023-38403
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.9-9
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688