Rebase to version 3.21
Resolves: RHEL-173619 Resolves: RHEL-125978 - high CPU usage
This commit is contained in:
parent
5e284a3231
commit
5d166ea513
1
.gitignore
vendored
1
.gitignore
vendored
@ -29,3 +29,4 @@
|
||||
/iperf-3.15.tar.gz
|
||||
/iperf-3.16.tar.gz
|
||||
/iperf-3.17.1.tar.gz
|
||||
/iperf-3.21.tar.gz
|
||||
|
||||
@ -1,290 +0,0 @@
|
||||
From 3f66f604df7f1038a49108c48612c2f4fe71331f Mon Sep 17 00:00:00 2001
|
||||
From: Sarah Larsen <swlarsen@es.net>
|
||||
Date: Fri, 15 Nov 2024 23:23:05 +0000
|
||||
Subject: [PATCH] Add a variant of cJSON_GetObjectItem that does type-checking.
|
||||
|
||||
This avoids a potential server crash with malformed iperf3
|
||||
parameter sets. (CVE-2024-53580)
|
||||
|
||||
Vulnerability report submitted by Leonid Krolle Bi.Zone.
|
||||
|
||||
Original version of fix by @dopheide-esnet.
|
||||
---
|
||||
src/iperf_api.c | 98 +++++++++++++++++++++++------------------------
|
||||
src/iperf_error.c | 6 +--
|
||||
src/iperf_util.c | 38 +++++++++++++++++-
|
||||
src/iperf_util.h | 1 +
|
||||
4 files changed, 90 insertions(+), 53 deletions(-)
|
||||
|
||||
diff --git a/src/iperf_api.c b/src/iperf_api.c
|
||||
index bad0a63ad..fa06dc830 100644
|
||||
--- a/src/iperf_api.c
|
||||
+++ b/src/iperf_api.c
|
||||
@@ -2347,72 +2347,72 @@ get_parameters(struct iperf_test *test)
|
||||
cJSON_free(str);
|
||||
}
|
||||
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "tcp")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "tcp", cJSON_True)) != NULL)
|
||||
set_protocol(test, Ptcp);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "udp")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "udp", cJSON_True)) != NULL)
|
||||
set_protocol(test, Pudp);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "sctp")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "sctp", cJSON_True)) != NULL)
|
||||
set_protocol(test, Psctp);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "omit")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "omit", cJSON_Number)) != NULL)
|
||||
test->omit = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "server_affinity")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "server_affinity", cJSON_Number)) != NULL)
|
||||
test->server_affinity = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "time")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "time", cJSON_Number)) != NULL)
|
||||
test->duration = j_p->valueint;
|
||||
test->settings->bytes = 0;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "num")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "num", cJSON_Number)) != NULL)
|
||||
test->settings->bytes = j_p->valueint;
|
||||
test->settings->blocks = 0;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "blockcount")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "blockcount", cJSON_Number)) != NULL)
|
||||
test->settings->blocks = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "MSS")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "MSS", cJSON_Number)) != NULL)
|
||||
test->settings->mss = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "nodelay")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "nodelay", cJSON_True)) != NULL)
|
||||
test->no_delay = 1;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "parallel")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "parallel", cJSON_Number)) != NULL)
|
||||
test->num_streams = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "reverse")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "reverse", cJSON_True)) != NULL)
|
||||
iperf_set_test_reverse(test, 1);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "bidirectional")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "bidirectional", cJSON_True)) != NULL)
|
||||
iperf_set_test_bidirectional(test, 1);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "window")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "window", cJSON_Number)) != NULL)
|
||||
test->settings->socket_bufsize = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "len")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "len", cJSON_Number)) != NULL)
|
||||
test->settings->blksize = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "bandwidth")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "bandwidth", cJSON_Number)) != NULL)
|
||||
test->settings->rate = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "fqrate")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "fqrate", cJSON_Number)) != NULL)
|
||||
test->settings->fqrate = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "pacing_timer")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "pacing_timer", cJSON_Number)) != NULL)
|
||||
test->settings->pacing_timer = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "burst")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "burst", cJSON_Number)) != NULL)
|
||||
test->settings->burst = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "TOS")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "TOS", cJSON_Number)) != NULL)
|
||||
test->settings->tos = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "flowlabel")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "flowlabel", cJSON_Number)) != NULL)
|
||||
test->settings->flowlabel = j_p->valueint;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "title")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "title", cJSON_String)) != NULL)
|
||||
test->title = strdup(j_p->valuestring);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "extra_data")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "extra_data", cJSON_String)) != NULL)
|
||||
test->extra_data = strdup(j_p->valuestring);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "congestion")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "congestion", cJSON_String)) != NULL)
|
||||
test->congestion = strdup(j_p->valuestring);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "congestion_used")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "congestion_used", cJSON_String)) != NULL)
|
||||
test->congestion_used = strdup(j_p->valuestring);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "get_server_output")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "get_server_output", cJSON_Number)) != NULL)
|
||||
iperf_set_test_get_server_output(test, 1);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "udp_counters_64bit")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "udp_counters_64bit", cJSON_Number)) != NULL)
|
||||
iperf_set_test_udp_counters_64bit(test, 1);
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "repeating_payload")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "repeating_payload", cJSON_Number)) != NULL)
|
||||
test->repeating_payload = 1;
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "zerocopy")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "zerocopy", cJSON_Number)) != NULL)
|
||||
test->zerocopy = j_p->valueint;
|
||||
#if defined(HAVE_DONT_FRAGMENT)
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "dont_fragment")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "dont_fragment", cJSON_Number)) != NULL)
|
||||
test->settings->dont_fragment = j_p->valueint;
|
||||
#endif /* HAVE_DONT_FRAGMENT */
|
||||
#if defined(HAVE_SSL)
|
||||
- if ((j_p = cJSON_GetObjectItem(j, "authtoken")) != NULL)
|
||||
+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "authtoken", cJSON_String)) != NULL)
|
||||
test->settings->authtoken = strdup(j_p->valuestring);
|
||||
#endif //HAVE_SSL
|
||||
if (test->mode && test->protocol->id == Ptcp && has_tcpinfo_retransmits())
|
||||
@@ -2571,10 +2571,10 @@ get_results(struct iperf_test *test)
|
||||
i_errno = IERECVRESULTS;
|
||||
r = -1;
|
||||
} else {
|
||||
- j_cpu_util_total = cJSON_GetObjectItem(j, "cpu_util_total");
|
||||
- j_cpu_util_user = cJSON_GetObjectItem(j, "cpu_util_user");
|
||||
- j_cpu_util_system = cJSON_GetObjectItem(j, "cpu_util_system");
|
||||
- j_sender_has_retransmits = cJSON_GetObjectItem(j, "sender_has_retransmits");
|
||||
+ j_cpu_util_total = iperf_cJSON_GetObjectItemType(j, "cpu_util_total", cJSON_Number);
|
||||
+ j_cpu_util_user = iperf_cJSON_GetObjectItemType(j, "cpu_util_user", cJSON_Number);
|
||||
+ j_cpu_util_system = iperf_cJSON_GetObjectItemType(j, "cpu_util_system", cJSON_Number);
|
||||
+ j_sender_has_retransmits = iperf_cJSON_GetObjectItemType(j, "sender_has_retransmits", cJSON_Number);
|
||||
if (j_cpu_util_total == NULL || j_cpu_util_user == NULL || j_cpu_util_system == NULL || j_sender_has_retransmits == NULL) {
|
||||
i_errno = IERECVRESULTS;
|
||||
r = -1;
|
||||
@@ -2596,7 +2596,7 @@ get_results(struct iperf_test *test)
|
||||
else if ( test->mode == BIDIRECTIONAL )
|
||||
test->other_side_has_retransmits = result_has_retransmits;
|
||||
|
||||
- j_streams = cJSON_GetObjectItem(j, "streams");
|
||||
+ j_streams = iperf_cJSON_GetObjectItemType(j, "streams", cJSON_Array);
|
||||
if (j_streams == NULL) {
|
||||
i_errno = IERECVRESULTS;
|
||||
r = -1;
|
||||
@@ -2608,16 +2608,16 @@ get_results(struct iperf_test *test)
|
||||
i_errno = IERECVRESULTS;
|
||||
r = -1;
|
||||
} else {
|
||||
- j_id = cJSON_GetObjectItem(j_stream, "id");
|
||||
- j_bytes = cJSON_GetObjectItem(j_stream, "bytes");
|
||||
- j_retransmits = cJSON_GetObjectItem(j_stream, "retransmits");
|
||||
- j_jitter = cJSON_GetObjectItem(j_stream, "jitter");
|
||||
- j_errors = cJSON_GetObjectItem(j_stream, "errors");
|
||||
- j_omitted_errors = cJSON_GetObjectItem(j_stream, "omitted_errors");
|
||||
- j_packets = cJSON_GetObjectItem(j_stream, "packets");
|
||||
- j_omitted_packets = cJSON_GetObjectItem(j_stream, "omitted_packets");
|
||||
- j_start_time = cJSON_GetObjectItem(j_stream, "start_time");
|
||||
- j_end_time = cJSON_GetObjectItem(j_stream, "end_time");
|
||||
+ j_id = iperf_cJSON_GetObjectItemType(j_stream, "id", cJSON_Number);
|
||||
+ j_bytes = iperf_cJSON_GetObjectItemType(j_stream, "bytes", cJSON_Number);
|
||||
+ j_retransmits = iperf_cJSON_GetObjectItemType(j_stream, "retransmits", cJSON_Number);
|
||||
+ j_jitter = iperf_cJSON_GetObjectItemType(j_stream, "jitter", cJSON_Number);
|
||||
+ j_errors = iperf_cJSON_GetObjectItemType(j_stream, "errors", cJSON_Number);
|
||||
+ j_omitted_errors = iperf_cJSON_GetObjectItemType(j_stream, "omitted_errors", cJSON_Number);
|
||||
+ j_packets = iperf_cJSON_GetObjectItemType(j_stream, "packets", cJSON_Number);
|
||||
+ j_omitted_packets = iperf_cJSON_GetObjectItemType(j_stream, "omitted_packets", cJSON_Number);
|
||||
+ j_start_time = iperf_cJSON_GetObjectItemType(j_stream, "start_time", cJSON_Number);
|
||||
+ j_end_time = iperf_cJSON_GetObjectItemType(j_stream, "end_time", cJSON_Number);
|
||||
if (j_id == NULL || j_bytes == NULL || j_retransmits == NULL || j_jitter == NULL || j_errors == NULL || j_packets == NULL) {
|
||||
i_errno = IERECVRESULTS;
|
||||
r = -1;
|
||||
@@ -2706,7 +2706,7 @@ get_results(struct iperf_test *test)
|
||||
}
|
||||
else {
|
||||
/* No JSON, look for textual output. Make a copy of the text for later. */
|
||||
- j_server_output = cJSON_GetObjectItem(j, "server_output_text");
|
||||
+ j_server_output = iperf_cJSON_GetObjectItemType(j, "server_output_text", cJSON_String);
|
||||
if (j_server_output != NULL) {
|
||||
test->server_output_text = strdup(j_server_output->valuestring);
|
||||
}
|
||||
@@ -2715,7 +2715,7 @@ get_results(struct iperf_test *test)
|
||||
}
|
||||
}
|
||||
|
||||
- j_remote_congestion_used = cJSON_GetObjectItem(j, "congestion_used");
|
||||
+ j_remote_congestion_used = iperf_cJSON_GetObjectItemType(j, "congestion_used", cJSON_String);
|
||||
if (j_remote_congestion_used != NULL) {
|
||||
test->remote_congestion_used = strdup(j_remote_congestion_used->valuestring);
|
||||
}
|
||||
@@ -4960,7 +4960,7 @@ iperf_json_finish(struct iperf_test *test)
|
||||
|
||||
/* --json-stream, so we print various individual objects */
|
||||
if (test->json_stream) {
|
||||
- cJSON *error = cJSON_GetObjectItem(test->json_top, "error");
|
||||
+ cJSON *error = iperf_cJSON_GetObjectItemType(test->json_top, "error", cJSON_String);
|
||||
if (error) {
|
||||
JSONStream_Output(test, "error", error);
|
||||
}
|
||||
diff --git a/src/iperf_error.c b/src/iperf_error.c
|
||||
index e06723ba6..fede216bc 100644
|
||||
--- a/src/iperf_error.c
|
||||
+++ b/src/iperf_error.c
|
||||
@@ -60,11 +60,11 @@ iperf_err(struct iperf_test *test, const char *format, ...)
|
||||
if (test != NULL && test->json_output && test->json_top != NULL)
|
||||
cJSON_AddStringToObject(test->json_top, "error", str);
|
||||
else {
|
||||
- if (pthread_mutex_lock(&(test->print_mutex)) != 0) {
|
||||
+ if (test != NULL && pthread_mutex_lock(&(test->print_mutex)) != 0) {
|
||||
perror("iperf_err: pthread_mutex_lock");
|
||||
}
|
||||
|
||||
- if (test && test->outfile && test->outfile != stdout) {
|
||||
+ if (test != NULL && test->outfile != NULL && test->outfile != stdout) {
|
||||
if (ct) {
|
||||
fprintf(test->outfile, "%s", ct);
|
||||
}
|
||||
@@ -77,7 +77,7 @@ iperf_err(struct iperf_test *test, const char *format, ...)
|
||||
fprintf(stderr, "iperf3: %s\n", str);
|
||||
}
|
||||
|
||||
- if (pthread_mutex_unlock(&(test->print_mutex)) != 0) {
|
||||
+ if (test != NULL && pthread_mutex_unlock(&(test->print_mutex)) != 0) {
|
||||
perror("iperf_err: pthread_mutex_unlock");
|
||||
}
|
||||
|
||||
diff --git a/src/iperf_util.c b/src/iperf_util.c
|
||||
index 3d0c7831b..b5c661bbc 100644
|
||||
--- a/src/iperf_util.c
|
||||
+++ b/src/iperf_util.c
|
||||
@@ -430,6 +430,42 @@ iperf_json_printf(const char *format, ...)
|
||||
return o;
|
||||
}
|
||||
|
||||
+/********************** cJSON GetObjectItem w/ Type Helper ********************/
|
||||
+cJSON * iperf_cJSON_GetObjectItemType(cJSON * j, char * item_string, int expected_type){
|
||||
+ cJSON *j_p;
|
||||
+ if((j_p = cJSON_GetObjectItem(j, item_string)) != NULL)
|
||||
+ switch(expected_type){
|
||||
+ case cJSON_True:
|
||||
+ if(cJSON_IsBool(j_p))
|
||||
+ return j_p;
|
||||
+ else
|
||||
+ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
|
||||
+ break;
|
||||
+ case cJSON_String:
|
||||
+ if(cJSON_IsString(j_p))
|
||||
+ return j_p;
|
||||
+ else
|
||||
+ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
|
||||
+ break;
|
||||
+ case cJSON_Number:
|
||||
+ if(cJSON_IsNumber(j_p))
|
||||
+ return j_p;
|
||||
+ else
|
||||
+ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
|
||||
+ break;
|
||||
+ case cJSON_Array:
|
||||
+ if(cJSON_IsArray(j_p))
|
||||
+ return j_p;
|
||||
+ else
|
||||
+ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
|
||||
+ break;
|
||||
+ default:
|
||||
+ iperf_err(NULL, "unsupported type");
|
||||
+ }
|
||||
+
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
/* Debugging routine to dump out an fd_set. */
|
||||
void
|
||||
iperf_dump_fdset(FILE *fp, const char *str, int nfds, fd_set *fds)
|
||||
diff --git a/src/iperf_util.h b/src/iperf_util.h
|
||||
index a371cfcaa..02b280ec5 100644
|
||||
--- a/src/iperf_util.h
|
||||
+++ b/src/iperf_util.h
|
||||
@@ -53,6 +53,7 @@ const char* get_system_info(void);
|
||||
const char* get_optional_features(void);
|
||||
|
||||
cJSON* iperf_json_printf(const char *format, ...);
|
||||
+cJSON * iperf_cJSON_GetObjectItemType(cJSON * j_p, char * item_string, int expected_type);
|
||||
|
||||
void iperf_dump_fdset(FILE *fp, const char *str, int nfds, fd_set *fds);
|
||||
|
||||
@ -1,90 +0,0 @@
|
||||
From 4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf Mon Sep 17 00:00:00 2001
|
||||
From: Sarah Larsen <swlarsen@es.net>
|
||||
Date: Wed, 25 Jun 2025 15:11:03 +0000
|
||||
Subject: [PATCH] Fix off-by-one heap overflow in auth.
|
||||
|
||||
Reported by Han Lee (Apple Information Security)
|
||||
CVE-2025-54349
|
||||
---
|
||||
src/iperf_auth.c | 18 +++++++++++++-----
|
||||
1 file changed, 13 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/iperf_auth.c b/src/iperf_auth.c
|
||||
index b9f2bc0f2..632f03d24 100644
|
||||
--- a/src/iperf_auth.c
|
||||
+++ b/src/iperf_auth.c
|
||||
@@ -286,6 +286,7 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch
|
||||
}
|
||||
|
||||
int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedtext_len, EVP_PKEY *private_key, unsigned char **plaintext, int use_pkcs1_padding) {
|
||||
+ int ret =0;
|
||||
#if OPENSSL_VERSION_MAJOR >= 3
|
||||
EVP_PKEY_CTX *ctx;
|
||||
#else
|
||||
@@ -308,7 +309,8 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
|
||||
keysize = RSA_size(rsa);
|
||||
#endif
|
||||
rsa_buffer = OPENSSL_malloc(keysize * 2);
|
||||
- *plaintext = (unsigned char*)OPENSSL_malloc(keysize);
|
||||
+ // Note: +1 for NULL
|
||||
+ *plaintext = (unsigned char*)OPENSSL_malloc(keysize + 1);
|
||||
|
||||
BIO *bioBuff = BIO_new_mem_buf((void*)encryptedtext, encryptedtext_len);
|
||||
rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2);
|
||||
@@ -318,13 +320,15 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
|
||||
padding = RSA_PKCS1_PADDING;
|
||||
}
|
||||
#if OPENSSL_VERSION_MAJOR >= 3
|
||||
+
|
||||
plaintext_len = keysize;
|
||||
EVP_PKEY_decrypt_init(ctx);
|
||||
- int ret = EVP_PKEY_CTX_set_rsa_padding(ctx, padding);
|
||||
+
|
||||
+ ret = EVP_PKEY_CTX_set_rsa_padding(ctx, padding);
|
||||
if (ret < 0){
|
||||
goto errreturn;
|
||||
}
|
||||
- EVP_PKEY_decrypt(ctx, *plaintext, &plaintext_len, rsa_buffer, rsa_buffer_len);
|
||||
+ ret = EVP_PKEY_decrypt(ctx, *plaintext, &plaintext_len, rsa_buffer, rsa_buffer_len);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
#else
|
||||
plaintext_len = RSA_private_decrypt(rsa_buffer_len, rsa_buffer, *plaintext, rsa, padding);
|
||||
@@ -335,7 +339,7 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
|
||||
BIO_free(bioBuff);
|
||||
|
||||
/* Treat a decryption error as an empty string. */
|
||||
- if (plaintext_len < 0) {
|
||||
+ if (plaintext_len <= 0) {
|
||||
plaintext_len = 0;
|
||||
}
|
||||
|
||||
@@ -384,24 +388,28 @@ int decode_auth_setting(int enable_debug, const char *authtoken, EVP_PKEY *priva
|
||||
int plaintext_len;
|
||||
plaintext_len = decrypt_rsa_message(encrypted_b64, encrypted_len_b64, private_key, &plaintext, use_pkcs1_padding);
|
||||
free(encrypted_b64);
|
||||
- if (plaintext_len < 0) {
|
||||
+ if (plaintext_len <= 0) {
|
||||
return -1;
|
||||
}
|
||||
+
|
||||
plaintext[plaintext_len] = '\0';
|
||||
|
||||
char *s_username, *s_password;
|
||||
s_username = (char *) calloc(plaintext_len, sizeof(char));
|
||||
if (s_username == NULL) {
|
||||
+ OPENSSL_free(plaintext);
|
||||
return -1;
|
||||
}
|
||||
s_password = (char *) calloc(plaintext_len, sizeof(char));
|
||||
if (s_password == NULL) {
|
||||
+ OPENSSL_free(plaintext);
|
||||
free(s_username);
|
||||
return -1;
|
||||
}
|
||||
|
||||
int rc = sscanf((char *) plaintext, auth_text_format, s_username, s_password, &utc_seconds);
|
||||
if (rc != 3) {
|
||||
+ OPENSSL_free(plaintext);
|
||||
free(s_password);
|
||||
free(s_username);
|
||||
return -1;
|
||||
@ -1,242 +0,0 @@
|
||||
From aab262afe1770b55bb865fd4dad2d5e737c758a6 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Lowman <michael.d.lowman@gmail.com>
|
||||
Date: Wed, 8 Oct 2025 22:40:07 +0200
|
||||
Subject: [PATCH 1/5] Set output buffer size prior to encrypt operation
|
||||
|
||||
When calling EVP_PKEY_encrypt with a non-null output buffer,
|
||||
the output buffer length must be provided. Attempts to write
|
||||
beyond this length will fail.
|
||||
---
|
||||
src/iperf_auth.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/iperf_auth.c b/src/iperf_auth.c
|
||||
index eda015099..774e1b701 100644
|
||||
--- a/src/iperf_auth.c
|
||||
+++ b/src/iperf_auth.c
|
||||
@@ -252,6 +252,7 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch
|
||||
#endif
|
||||
rsa_buffer = OPENSSL_malloc(keysize * 2);
|
||||
*encryptedtext = (unsigned char*)OPENSSL_malloc(keysize);
|
||||
+ encryptedtext_len = keysize;
|
||||
|
||||
BIO *bioBuff = BIO_new_mem_buf((void*)plaintext, (int)strlen(plaintext));
|
||||
rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2);
|
||||
|
||||
From 00840604c85c598f7aaeffd21db0c62472d8ab34 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Lowman <michael.d.lowman@gmail.com>
|
||||
Date: Wed, 8 Oct 2025 22:29:12 +0200
|
||||
Subject: [PATCH 2/5] Rename keysize to output_buffer_len
|
||||
|
||||
This more accurately represents the meaning; it is the minimum
|
||||
buffer allocation necessary for an encrypt or decrypt operation
|
||||
to succeed. This is the same size for both ciphertext and
|
||||
cleartext, as padding is applied.
|
||||
---
|
||||
src/iperf_auth.c | 28 ++++++++++++++--------------
|
||||
1 file changed, 14 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/src/iperf_auth.c b/src/iperf_auth.c
|
||||
index 774e1b701..ea516904f 100644
|
||||
--- a/src/iperf_auth.c
|
||||
+++ b/src/iperf_auth.c
|
||||
@@ -236,26 +236,26 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch
|
||||
#endif
|
||||
unsigned char *rsa_buffer = NULL;
|
||||
size_t encryptedtext_len = 0;
|
||||
- int rsa_buffer_len, keysize;
|
||||
+ int rsa_buffer_len, output_buffer_len;
|
||||
|
||||
#if OPENSSL_VERSION_MAJOR >= 3
|
||||
int rc;
|
||||
ctx = EVP_PKEY_CTX_new_from_pkey(NULL, public_key, "");
|
||||
/* See evp_pkey_rsa(7) and provider-keymgmt(7) */
|
||||
- rc = EVP_PKEY_get_int_param(public_key, OSSL_PKEY_PARAM_MAX_SIZE, &keysize); /* XXX not really keysize */
|
||||
+ rc = EVP_PKEY_get_int_param(public_key, OSSL_PKEY_PARAM_MAX_SIZE, &output_buffer_len);
|
||||
if (!rc) {
|
||||
goto errreturn;
|
||||
}
|
||||
#else
|
||||
rsa = EVP_PKEY_get1_RSA(public_key);
|
||||
- keysize = RSA_size(rsa);
|
||||
+ output_buffer_len = RSA_size(rsa);
|
||||
#endif
|
||||
- rsa_buffer = OPENSSL_malloc(keysize * 2);
|
||||
- *encryptedtext = (unsigned char*)OPENSSL_malloc(keysize);
|
||||
- encryptedtext_len = keysize;
|
||||
+ rsa_buffer = OPENSSL_malloc(output_buffer_len * 2);
|
||||
+ *encryptedtext = (unsigned char*)OPENSSL_malloc(output_buffer_len);
|
||||
+ encryptedtext_len = output_buffer_len;
|
||||
|
||||
BIO *bioBuff = BIO_new_mem_buf((void*)plaintext, (int)strlen(plaintext));
|
||||
- rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2);
|
||||
+ rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, output_buffer_len * 2);
|
||||
|
||||
int padding = RSA_PKCS1_OAEP_PADDING;
|
||||
if (use_pkcs1_padding){
|
||||
@@ -295,26 +295,26 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
|
||||
#endif
|
||||
unsigned char *rsa_buffer = NULL;
|
||||
size_t plaintext_len = 0;
|
||||
- int rsa_buffer_len, keysize;
|
||||
+ int rsa_buffer_len, output_buffer_len;
|
||||
|
||||
#if OPENSSL_VERSION_MAJOR >= 3
|
||||
int rc;
|
||||
ctx = EVP_PKEY_CTX_new_from_pkey(NULL, private_key, "");
|
||||
/* See evp_pkey_rsa(7) and provider-keymgmt(7) */
|
||||
- rc = EVP_PKEY_get_int_param(private_key, OSSL_PKEY_PARAM_MAX_SIZE, &keysize); /* XXX not really keysize */
|
||||
+ rc = EVP_PKEY_get_int_param(private_key, OSSL_PKEY_PARAM_MAX_SIZE, &output_buffer_len);
|
||||
if (!rc) {
|
||||
goto errreturn;
|
||||
}
|
||||
#else
|
||||
rsa = EVP_PKEY_get1_RSA(private_key);
|
||||
- keysize = RSA_size(rsa);
|
||||
+ output_buffer_len = RSA_size(rsa);
|
||||
#endif
|
||||
- rsa_buffer = OPENSSL_malloc(keysize * 2);
|
||||
+ rsa_buffer = OPENSSL_malloc(output_buffer_len * 2);
|
||||
// Note: +1 for NULL
|
||||
- *plaintext = (unsigned char*)OPENSSL_malloc(keysize + 1);
|
||||
+ *plaintext = (unsigned char*)OPENSSL_malloc(output_buffer_len + 1);
|
||||
|
||||
BIO *bioBuff = BIO_new_mem_buf((void*)encryptedtext, encryptedtext_len);
|
||||
- rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2);
|
||||
+ rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, output_buffer_len * 2);
|
||||
|
||||
int padding = RSA_PKCS1_OAEP_PADDING;
|
||||
if (use_pkcs1_padding){
|
||||
@@ -322,7 +322,7 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
|
||||
}
|
||||
#if OPENSSL_VERSION_MAJOR >= 3
|
||||
|
||||
- plaintext_len = keysize;
|
||||
+ plaintext_len = output_buffer_len;
|
||||
EVP_PKEY_decrypt_init(ctx);
|
||||
|
||||
ret = EVP_PKEY_CTX_set_rsa_padding(ctx, padding);
|
||||
|
||||
From f30aaa3be199313c079d585f7eaf20a0745186b9 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Lowman <michael.d.lowman@gmail.com>
|
||||
Date: Wed, 8 Oct 2025 16:46:20 +0200
|
||||
Subject: [PATCH 3/5] Avoid out-of-bounds access when base64 decoding short
|
||||
strings
|
||||
|
||||
Check the length before reading memory.
|
||||
---
|
||||
src/iperf_auth.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/iperf_auth.c b/src/iperf_auth.c
|
||||
index ea516904f..eddc5a85f 100644
|
||||
--- a/src/iperf_auth.c
|
||||
+++ b/src/iperf_auth.c
|
||||
@@ -130,9 +130,9 @@ int Base64Encode(const unsigned char* buffer, const size_t length, char** b64tex
|
||||
|
||||
size_t calcDecodeLength(const char* b64input) { //Calculates the length of a decoded string
|
||||
size_t len = strlen(b64input), padding = 0;
|
||||
- if (b64input[len-1] == '=' && b64input[len-2] == '=') //last two chars are =
|
||||
+ if (len >= 2 && b64input[len-1] == '=' && b64input[len-2] == '=') //last two chars are =
|
||||
padding = 2;
|
||||
- else if (b64input[len-1] == '=') //last char is =
|
||||
+ else if (len >= 1 && b64input[len-1] == '=') //last char is =
|
||||
padding = 1;
|
||||
|
||||
return (len*3)/4 - padding;
|
||||
|
||||
From 1cca42a1e77df8fba83ef6340388cad34625087c Mon Sep 17 00:00:00 2001
|
||||
From: Michael Lowman <michael.d.lowman@gmail.com>
|
||||
Date: Wed, 8 Oct 2025 17:57:37 +0200
|
||||
Subject: [PATCH 4/5] Don't over-allocate followed by partial reads
|
||||
|
||||
We know how much we expect to read; the input buffer
|
||||
has a defined size. Allocate the exact buffer expected
|
||||
instead of a larger one with a read expected to return
|
||||
only partial data. This makes it simpler to follow the
|
||||
logic and to avoid off-by-one errors.
|
||||
---
|
||||
src/iperf_auth.c | 13 +++++++------
|
||||
1 file changed, 7 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/iperf_auth.c b/src/iperf_auth.c
|
||||
index eddc5a85f..d582c615a 100644
|
||||
--- a/src/iperf_auth.c
|
||||
+++ b/src/iperf_auth.c
|
||||
@@ -235,7 +235,7 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch
|
||||
RSA *rsa = NULL;
|
||||
#endif
|
||||
unsigned char *rsa_buffer = NULL;
|
||||
- size_t encryptedtext_len = 0;
|
||||
+ size_t encryptedtext_len = 0, plaintext_len = 0;
|
||||
int rsa_buffer_len, output_buffer_len;
|
||||
|
||||
#if OPENSSL_VERSION_MAJOR >= 3
|
||||
@@ -250,12 +250,13 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch
|
||||
rsa = EVP_PKEY_get1_RSA(public_key);
|
||||
output_buffer_len = RSA_size(rsa);
|
||||
#endif
|
||||
- rsa_buffer = OPENSSL_malloc(output_buffer_len * 2);
|
||||
+ plaintext_len = strlen(plaintext);
|
||||
+ rsa_buffer = OPENSSL_malloc(output_buffer_len);
|
||||
*encryptedtext = (unsigned char*)OPENSSL_malloc(output_buffer_len);
|
||||
encryptedtext_len = output_buffer_len;
|
||||
|
||||
- BIO *bioBuff = BIO_new_mem_buf((void*)plaintext, (int)strlen(plaintext));
|
||||
- rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, output_buffer_len * 2);
|
||||
+ BIO *bioBuff = BIO_new_mem_buf((void*)plaintext, (int)plaintext_len);
|
||||
+ rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, plaintext_len);
|
||||
|
||||
int padding = RSA_PKCS1_OAEP_PADDING;
|
||||
if (use_pkcs1_padding){
|
||||
@@ -309,12 +310,12 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
|
||||
rsa = EVP_PKEY_get1_RSA(private_key);
|
||||
output_buffer_len = RSA_size(rsa);
|
||||
#endif
|
||||
- rsa_buffer = OPENSSL_malloc(output_buffer_len * 2);
|
||||
+ rsa_buffer = OPENSSL_malloc(output_buffer_len);
|
||||
// Note: +1 for NULL
|
||||
*plaintext = (unsigned char*)OPENSSL_malloc(output_buffer_len + 1);
|
||||
|
||||
BIO *bioBuff = BIO_new_mem_buf((void*)encryptedtext, encryptedtext_len);
|
||||
- rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, output_buffer_len * 2);
|
||||
+ rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, encryptedtext_len);
|
||||
|
||||
int padding = RSA_PKCS1_OAEP_PADDING;
|
||||
if (use_pkcs1_padding){
|
||||
|
||||
From 92f288ff6230dbe186e95688c910268f6942e214 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Lowman <michael.d.lowman@gmail.com>
|
||||
Date: Wed, 8 Oct 2025 17:58:52 +0200
|
||||
Subject: [PATCH 5/5] Add warnings on silent truncation
|
||||
|
||||
Input should not be this long, but makes the expectations
|
||||
of the code clearer.
|
||||
---
|
||||
src/iperf_auth.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/iperf_auth.c b/src/iperf_auth.c
|
||||
index d582c615a..4c38fa938 100644
|
||||
--- a/src/iperf_auth.c
|
||||
+++ b/src/iperf_auth.c
|
||||
@@ -251,6 +251,9 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch
|
||||
output_buffer_len = RSA_size(rsa);
|
||||
#endif
|
||||
plaintext_len = strlen(plaintext);
|
||||
+ if (plaintext_len > output_buffer_len) {
|
||||
+ fprintf(stderr, "Plaintext of size %zd truncated to %d; data is lost.\n", plaintext_len, output_buffer_len);
|
||||
+ }
|
||||
rsa_buffer = OPENSSL_malloc(output_buffer_len);
|
||||
*encryptedtext = (unsigned char*)OPENSSL_malloc(output_buffer_len);
|
||||
encryptedtext_len = output_buffer_len;
|
||||
@@ -310,6 +313,9 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
|
||||
rsa = EVP_PKEY_get1_RSA(private_key);
|
||||
output_buffer_len = RSA_size(rsa);
|
||||
#endif
|
||||
+ if (encryptedtext_len > output_buffer_len) {
|
||||
+ fprintf(stderr, "Encrypted text of size %d truncated to %d; likely invalid input.\n", encryptedtext_len, output_buffer_len);
|
||||
+ }
|
||||
rsa_buffer = OPENSSL_malloc(output_buffer_len);
|
||||
// Note: +1 for NULL
|
||||
*plaintext = (unsigned char*)OPENSSL_malloc(output_buffer_len + 1);
|
||||
@ -1,84 +0,0 @@
|
||||
diff -rNu iperf-3.16.orig/iperf-3.16/src/iperf_api.c iperf-3.16/src/iperf_api.c
|
||||
--- iperf-3.16.orig/iperf-3.16/src/iperf_api.c 2023-11-29 13:46:13.000000000 -0600
|
||||
+++ iperf-3.16/src/iperf_api.c 2023-12-06 22:08:09.508869360 -0600
|
||||
@@ -3356,6 +3356,8 @@
|
||||
|
||||
temp.rttvar = get_rttvar(&temp);
|
||||
temp.pmtu = get_pmtu(&temp);
|
||||
+ temp.reorder = get_reorder(&temp);
|
||||
+ rp->stream_reorder = temp.reorder;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
@@ -3801,7 +3803,7 @@
|
||||
if (test->sender_has_retransmits) {
|
||||
/* Sender summary, TCP and SCTP with retransmits. */
|
||||
if (test->json_output)
|
||||
- cJSON_AddItemToObject(json_summary_stream, report_sender, iperf_json_printf("socket: %d start: %f end: %f seconds: %f bytes: %d bits_per_second: %f retransmits: %d max_snd_cwnd: %d max_snd_wnd: %d max_rtt: %d min_rtt: %d mean_rtt: %d sender: %b", (int64_t) sp->socket, (double) start_time, (double) sender_time, (double) sender_time, (int64_t) bytes_sent, bandwidth * 8, (int64_t) sp->result->stream_retrans, (int64_t) sp->result->stream_max_snd_cwnd, (int64_t) sp->result->stream_max_snd_wnd, (int64_t) sp->result->stream_max_rtt, (int64_t) sp->result->stream_min_rtt, (int64_t) ((sp->result->stream_count_rtt == 0) ? 0 : sp->result->stream_sum_rtt / sp->result->stream_count_rtt), stream_must_be_sender));
|
||||
+ cJSON_AddItemToObject(json_summary_stream, "sender", iperf_json_printf("socket: %d start: %f end: %f seconds: %f bytes: %d bits_per_second: %f retransmits: %d reorder: %d max_snd_cwnd: %d max_snd_wnd: %d max_rtt: %d min_rtt: %d mean_rtt: %d sender: %b", (int64_t) sp->socket, (double) start_time, (double) sender_time, (double) sender_time, (int64_t) bytes_sent, bandwidth * 8, (int64_t) sp->result->stream_retrans, (int64_t) sp->result->stream_reorder, (int64_t) sp->result->stream_max_snd_cwnd, (int64_t) sp->result->stream_max_snd_wnd, (int64_t) sp->result->stream_max_rtt, (int64_t) sp->result->stream_min_rtt, (int64_t) ((sp->result->stream_count_rtt == 0) ? 0 : sp->result->stream_sum_rtt / sp->result->stream_count_rtt), stream_must_be_sender));
|
||||
else
|
||||
if (test->role == 's' && !sp->sender) {
|
||||
if (test->verbose)
|
||||
@@ -4252,7 +4254,7 @@
|
||||
if (test->sender_has_retransmits == 1 && sp->sender) {
|
||||
/* Interval, TCP with retransmits. */
|
||||
if (test->json_output)
|
||||
- cJSON_AddItemToArray(json_interval_streams, iperf_json_printf("socket: %d start: %f end: %f seconds: %f bytes: %d bits_per_second: %f retransmits: %d snd_cwnd: %d snd_wnd: %d rtt: %d rttvar: %d pmtu: %d omitted: %b sender: %b", (int64_t) sp->socket, (double) st, (double) et, (double) irp->interval_duration, (int64_t) irp->bytes_transferred, bandwidth * 8, (int64_t) irp->interval_retrans, (int64_t) irp->snd_cwnd, (int64_t) irp->snd_wnd, (int64_t) irp->rtt, (int64_t) irp->rttvar, (int64_t) irp->pmtu, irp->omitted, sp->sender));
|
||||
+ cJSON_AddItemToArray(json_interval_streams, iperf_json_printf("socket: %d start: %f end: %f seconds: %f bytes: %d bits_per_second: %f retransmits: %d snd_cwnd: %d snd_wnd: %d rtt: %d rttvar: %d pmtu: %d reorder: %d omitted: %b sender: %b", (int64_t) sp->socket, (double) st, (double) et, (double) irp->interval_duration, (int64_t) irp->bytes_transferred, bandwidth * 8, (int64_t) irp->interval_retrans, (int64_t) irp->snd_cwnd, (int64_t) irp->snd_wnd, (int64_t) irp->rtt, (int64_t) irp->rttvar, (int64_t) irp->pmtu, (int64_t) irp->reorder, irp->omitted, sp->sender));
|
||||
else {
|
||||
unit_snprintf(cbuf, UNIT_LEN, irp->snd_cwnd, 'A');
|
||||
iperf_printf(test, report_bw_retrans_cwnd_format, sp->socket, mbuf, st, et, ubuf, nbuf, irp->interval_retrans, cbuf, irp->omitted?report_omitted:"");
|
||||
diff -rNu iperf-3.16.orig/iperf-3.16/src/iperf_api.h iperf-3.16/src/iperf_api.h
|
||||
--- iperf-3.16.orig/iperf-3.16/src/iperf_api.h 2023-11-29 13:46:13.000000000 -0600
|
||||
+++ iperf-3.16/src/iperf_api.h 2023-12-06 22:08:36.409418686 -0600
|
||||
@@ -316,6 +316,7 @@
|
||||
long get_rtt(struct iperf_interval_results *irp);
|
||||
long get_rttvar(struct iperf_interval_results *irp);
|
||||
long get_pmtu(struct iperf_interval_results *irp);
|
||||
+long get_reorder(struct iperf_interval_results *irp);
|
||||
void print_tcpinfo(struct iperf_test *test);
|
||||
void build_tcpinfo_message(struct iperf_interval_results *r, char *message);
|
||||
|
||||
diff -rNu iperf-3.16.orig/iperf-3.16/src/iperf.h iperf-3.16/src/iperf.h
|
||||
--- iperf-3.16.orig/iperf-3.16/src/iperf.h 2023-11-29 13:46:13.000000000 -0600
|
||||
+++ iperf-3.16/src/iperf.h 2023-12-06 22:06:35.332454109 -0600
|
||||
@@ -125,6 +125,7 @@
|
||||
long rtt;
|
||||
long rttvar;
|
||||
long pmtu;
|
||||
+ long reorder;
|
||||
};
|
||||
|
||||
struct iperf_stream_result
|
||||
@@ -136,6 +137,7 @@
|
||||
atomic_iperf_size_t bytes_sent_omit;
|
||||
long stream_prev_total_retrans;
|
||||
long stream_retrans;
|
||||
+ long stream_reorder;
|
||||
long stream_max_rtt;
|
||||
long stream_min_rtt;
|
||||
long stream_sum_rtt;
|
||||
diff -rNu iperf-3.16.orig/iperf-3.16/src/tcp_info.c iperf-3.16/src/tcp_info.c
|
||||
--- iperf-3.16.orig/iperf-3.16/src/tcp_info.c 2023-11-29 13:46:13.000000000 -0600
|
||||
+++ iperf-3.16/src/tcp_info.c 2023-12-06 22:09:45.371252438 -0600
|
||||
@@ -218,6 +218,20 @@
|
||||
}
|
||||
|
||||
/*************************************************************/
|
||||
+/*
|
||||
+ * Return number of reordering events seen.
|
||||
+ */
|
||||
+long
|
||||
+get_reorder(struct iperf_interval_results *irp)
|
||||
+{
|
||||
+#if defined(linux) && defined(TCP_REPAIR_ON)
|
||||
+ return irp->tcpInfo.tcpi_reord_seen;
|
||||
+#else
|
||||
+ return -1;
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
+/*************************************************************/
|
||||
void
|
||||
build_tcpinfo_message(struct iperf_interval_results *r, char *message)
|
||||
{
|
||||
14
iperf3.spec
14
iperf3.spec
@ -1,6 +1,6 @@
|
||||
Name: iperf3
|
||||
Version: 3.17.1
|
||||
Release: 6%{?dist}
|
||||
Version: 3.21
|
||||
Release: 1%{?dist}
|
||||
Summary: Measurement tool for TCP/UDP bandwidth performance
|
||||
|
||||
License: BSD-3-Clause-LBNL AND MIT AND dtoa AND BSD-3-Clause AND NCSA AND LicenseRef-Fedora-Public-Domain
|
||||
@ -14,11 +14,6 @@ BuildRequires: openssl-devel
|
||||
BuildRequires: make
|
||||
BuildRequires: git-core
|
||||
|
||||
Patch0000: 1278-rebase.patch
|
||||
Patch0001: 0001-cve-2024-53580.patch
|
||||
Patch0002: 0002-cve-2025-54349.patch
|
||||
Patch0003: 0003-openssl-authentication.patch
|
||||
|
||||
%description
|
||||
Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of
|
||||
various parameters and UDP characteristics. Iperf reports bandwidth, delay
|
||||
@ -59,6 +54,11 @@ rm -f %{buildroot}%{_libdir}/libiperf.la
|
||||
%{_libdir}/*.so
|
||||
|
||||
%changelog
|
||||
* Fri Jul 03 2026 Michal Ruprich <mruprich@redhat.com> - 3.21-1
|
||||
- Rebase to version 3.21
|
||||
- Resolves: RHEL-173619
|
||||
- Resolves: RHEL-125978 - high CPU usage
|
||||
|
||||
* Mon Apr 13 2026 Michal Ruprich <mruprich@redhat.com> - 3.17.1-6
|
||||
- Resolves: RHEL-151876 - authentication no longer works with the new openssl
|
||||
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (iperf-3.17.1.tar.gz) = 54789c5a63081aa803575ce1df3cb251a3b0bb16313f049f2479ae3a5af39944ace1222d4a086bed0ab34821da73371b2499f8b8283791a953d861da4cfc56f0
|
||||
SHA512 (iperf-3.21.tar.gz) = c86888809f47d0a9eb7fb81d0e442ef27c04a3ec21b93fa7028917940265666effd30bd203e2d4b3e7018a1ae6fd513546563b84a7ae8c87de469db8adeac272
|
||||
|
||||
Loading…
Reference in New Issue
Block a user