From c38bbe8b40333dd571fd1ba555603a822c1b3b93 Mon Sep 17 00:00:00 2001
From: Jonathan Wright <jonathan@almalinux.org>
Date: Tue, 18 Jul 2023 10:04:03 -0500
Subject: [PATCH] Fix CVE-2023-38403

Signed-off-by: Jonathan Wright <jonathan@almalinux.org>
---
 SOURCES/cve-2023-38403.patch | 44 ++++++++++++++++++++++++++++++++++++
 SPECS/iperf3.spec            |  9 ++++++--
 2 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 SOURCES/cve-2023-38403.patch

diff --git a/SOURCES/cve-2023-38403.patch b/SOURCES/cve-2023-38403.patch
new file mode 100644
index 0000000..319af93
--- /dev/null
+++ b/SOURCES/cve-2023-38403.patch
@@ -0,0 +1,44 @@
+From 41f5129d402bcd14ec4d2cde875203ab51076352 Mon Sep 17 00:00:00 2001
+From: "Bruce A. Mah" <bmah@es.net>
+Date: Fri, 7 Jul 2023 11:03:43 -0700
+Subject: [PATCH] Fix memory allocation hazard (#1542).
+
+Reported by:	@someusername123 on GitHub
+---
+ src/iperf_api.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/iperf_api.c b/src/iperf_api.c
+index f2d416214..a95e02418 100644
+--- a/src/iperf_api.c
++++ b/src/iperf_api.c
+@@ -2670,6 +2670,7 @@ static cJSON *
+ JSON_read(int fd)
+ {
+     uint32_t hsize, nsize;
++    size_t strsize;
+     char *str;
+     cJSON *json = NULL;
+     int rc;
+@@ -2682,7 +2683,9 @@ JSON_read(int fd)
+     if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) {
+ 	hsize = ntohl(nsize);
+ 	/* Allocate a buffer to hold the JSON */
+-	str = (char *) calloc(sizeof(char), hsize+1);	/* +1 for trailing null */
++	strsize = hsize + 1;              /* +1 for trailing NULL */
++	if (strsize) {
++	str = (char *) calloc(sizeof(char), strsize);
+ 	if (str != NULL) {
+ 	    rc = Nread(fd, str, hsize, Ptcp);
+ 	    if (rc >= 0) {
+@@ -2701,6 +2704,10 @@ JSON_read(int fd)
+ 	    }
+ 	}
+ 	free(str);
++	}
++	else {
++	    printf("WARNING:  Data length overflow\n");
++	}
+     }
+     return json;
+ }
diff --git a/SPECS/iperf3.spec b/SPECS/iperf3.spec
index 463dc63..9dcf877 100644
--- a/SPECS/iperf3.spec
+++ b/SPECS/iperf3.spec
@@ -1,11 +1,13 @@
 Name:           iperf3
 Version:        3.9
-Release:        9%{?dist}
+Release:        9%{?dist}.1.alma
 Summary:        Measurement tool for TCP/UDP bandwidth performance
 
 License:        BSD
 URL:            https://github.com/esnet/iperf
 Source0:        https://github.com/esnet/iperf/archive/%{version}.tar.gz
+# https://patch-diff.githubusercontent.com/raw/esnet/iperf/pull/1543.patch
+Patch:          cve-2023-38403.patch
 BuildRequires:  libuuid-devel
 BuildRequires:  gcc
 BuildRequires:  lksctp-tools-devel
@@ -26,7 +28,7 @@ The %{name}-devel package contains libraries and header files for
 developing applications that use %{name}.
 
 %prep
-%setup -q -n iperf-%{version}
+%autosetup -n iperf-%{version} -p1
 
 %build
 %configure --disable-static
@@ -52,6 +54,9 @@ rm -f %{buildroot}%{_libdir}/libiperf.la
 %{_libdir}/*.so
 
 %changelog
+* Tue Jul 18 2023 Jonathan Wright <jonathan@almalinux.org> - 3.9-9.1.alma
+- Fix CVE-2023-38403
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.9-9
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688