From 0f514ae63288e45fb88b316f6fb518297b4ca0a1 Mon Sep 17 00:00:00 2001 From: Jonathan Wright Date: Tue, 18 Jul 2023 10:04:03 -0500 Subject: [PATCH] Fix CVE-2023-38403 Signed-off-by: Jonathan Wright --- SOURCES/cve-2023-38403.patch | 44 ++++++++++++++++++++++++++++++++++++ SPECS/iperf3.spec | 7 +++++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 SOURCES/cve-2023-38403.patch diff --git a/SOURCES/cve-2023-38403.patch b/SOURCES/cve-2023-38403.patch new file mode 100644 index 0000000..319af93 --- /dev/null +++ b/SOURCES/cve-2023-38403.patch @@ -0,0 +1,44 @@ +From 41f5129d402bcd14ec4d2cde875203ab51076352 Mon Sep 17 00:00:00 2001 +From: "Bruce A. Mah" +Date: Fri, 7 Jul 2023 11:03:43 -0700 +Subject: [PATCH] Fix memory allocation hazard (#1542). + +Reported by: @someusername123 on GitHub +--- + src/iperf_api.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/iperf_api.c b/src/iperf_api.c +index f2d416214..a95e02418 100644 +--- a/src/iperf_api.c ++++ b/src/iperf_api.c +@@ -2670,6 +2670,7 @@ static cJSON * + JSON_read(int fd) + { + uint32_t hsize, nsize; ++ size_t strsize; + char *str; + cJSON *json = NULL; + int rc; +@@ -2682,7 +2683,9 @@ JSON_read(int fd) + if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) { + hsize = ntohl(nsize); + /* Allocate a buffer to hold the JSON */ +- str = (char *) calloc(sizeof(char), hsize+1); /* +1 for trailing null */ ++ strsize = hsize + 1; /* +1 for trailing NULL */ ++ if (strsize) { ++ str = (char *) calloc(sizeof(char), strsize); + if (str != NULL) { + rc = Nread(fd, str, hsize, Ptcp); + if (rc >= 0) { +@@ -2701,6 +2704,10 @@ JSON_read(int fd) + } + } + free(str); ++ } ++ else { ++ printf("WARNING: Data length overflow\n"); ++ } + } + return json; + } diff --git a/SPECS/iperf3.spec b/SPECS/iperf3.spec index 463dc63..307983e 100644 --- a/SPECS/iperf3.spec +++ b/SPECS/iperf3.spec @@ -1,11 +1,13 @@ Name: iperf3 Version: 3.9 -Release: 9%{?dist} +Release: 9.1.alma%{?dist} Summary: Measurement tool for TCP/UDP bandwidth performance License: BSD URL: https://github.com/esnet/iperf Source0: https://github.com/esnet/iperf/archive/%{version}.tar.gz +# https://patch-diff.githubusercontent.com/raw/esnet/iperf/pull/1543.patch +Patch: cve-2023-38403.patch BuildRequires: libuuid-devel BuildRequires: gcc BuildRequires: lksctp-tools-devel @@ -52,6 +54,9 @@ rm -f %{buildroot}%{_libdir}/libiperf.la %{_libdir}/*.so %changelog +* Tue Jul 18 2023 Jonathan Wright - 3.9-9.1.alma +- Fix CVE-2023-38403 + * Mon Aug 09 2021 Mohan Boddu - 3.9-9 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688