From ea752ff12e2bb4a7409643fb15d08701b1cf991b Mon Sep 17 00:00:00 2001 From: Jonathan Wright Date: Tue, 18 Jul 2023 12:03:33 -0500 Subject: [PATCH] Fixes CVE-2023-38403 Signed-off-by: Jonathan Wright --- SOURCES/cve-2023-38403.patch | 45 ++++++++++++++++++++++++++++++++++++ SPECS/iperf3.spec | 6 ++++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 SOURCES/cve-2023-38403.patch diff --git a/SOURCES/cve-2023-38403.patch b/SOURCES/cve-2023-38403.patch new file mode 100644 index 0000000..a909d18 --- /dev/null +++ b/SOURCES/cve-2023-38403.patch @@ -0,0 +1,45 @@ +From 41f5129d402bcd14ec4d2cde875203ab51076352 Mon Sep 17 00:00:00 2001 +From: "Bruce A. Mah" +Date: Fri, 7 Jul 2023 11:03:43 -0700 +Subject: [PATCH] Fix memory allocation hazard (#1542). + +Reported by: @someusername123 on GitHub +--- + src/iperf_api.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/iperf_api.c b/src/iperf_api.c +index f2d416214..a95e02418 100644 +--- a/src/iperf_api.c ++++ b/src/iperf_api.c +@@ -2670,6 +2670,7 @@ static cJSON * + JSON_read(int fd) + { + uint32_t hsize, nsize; ++ size_t strsize; + char *str; + cJSON *json = NULL; + int rc; +@@ -2682,7 +2683,9 @@ JSON_read(int fd) + if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) { + hsize = ntohl(nsize); + /* Allocate a buffer to hold the JSON */ +- str = (char *) calloc(sizeof(char), hsize+1); /* +1 for trailing null */ ++ strsize = hsize + 1; /* +1 for trailing NULL */ ++ if (strsize) { ++ str = (char *) calloc(sizeof(char), strsize); + if (str != NULL) { + rc = Nread(fd, str, hsize, Ptcp); + if (rc >= 0) { +@@ -2701,6 +2704,10 @@ JSON_read(int fd) + } + } + free(str); ++ } ++ else { ++ printf("WARNING: Data length overflow\n"); ++ } + } + return json; + } + diff --git a/SPECS/iperf3.spec b/SPECS/iperf3.spec index 9d3453f..76f031d 100644 --- a/SPECS/iperf3.spec +++ b/SPECS/iperf3.spec @@ -1,6 +1,6 @@ Name: iperf3 Version: 3.5 -Release: 6%{?dist} +Release: 6%{?dist}.1.alma Summary: Measurement tool for TCP/UDP bandwidth performance Group: Applications/Internet @@ -13,6 +13,7 @@ BuildRequires: openssl-devel Patch0002: 0002-udp-counters-manpage.patch Patch0003: 0003-covscan-sctp.patch +Patch0004: cve-2023-38403.patch %description Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of @@ -60,6 +61,9 @@ rm -f %{buildroot}%{_libdir}/libiperf.la %{_libdir}/*.so %changelog +* Tue Jul 18 2023 Jonathan Wright - 3.5-7.1.alma +- Fixes CVE-2023-38403 + * Tue May 05 2020 Michal Ruprich - 3.5-6 - Related: #1665142 - Fixing a couple of covscan issues