packages/iperf3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!19 Upgrade to 3.16 for fix CVE-2023-7250

Browse Source 
From: @starlet-dx 
Reviewed-by: @wk333 
Signed-off-by: @wk333
This commit is contained in:
openeuler-ci-bot 2024-04-02 07:58:25 +00:00 committed by Gitee
commit 868bc4cddf
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 7 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
CVE-2023-38403.patch
View File

@ -1,44 +0,0 @@
From 0ef151550d96cc4460f98832df84b4a1e87c65e9 Mon Sep 17 00:00:00 2001
From: "Bruce A. Mah" <bmah@es.net>
Date: Fri, 7 Jul 2023 11:35:02 -0700
Subject: [PATCH] Fix memory allocation hazard (#1542). (#1543)
Reported by: @someusername123 on GitHub
---
src/iperf_api.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/iperf_api.c b/src/iperf_api.c
index f2d416214..a95e02418 100644
--- a/src/iperf_api.c
+++ b/src/iperf_api.c
@@ -2670,6 +2670,7 @@ static cJSON *
JSON_read(int fd)
{
uint32_t hsize, nsize;
+ size_t strsize;
char *str;
cJSON *json = NULL;
int rc;
@@ -2682,7 +2683,9 @@ JSON_read(int fd)
if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) {
hsize = ntohl(nsize);
/* Allocate a buffer to hold the JSON */
- str = (char *) calloc(sizeof(char), hsize+1); /* +1 for trailing null */
+ strsize = hsize + 1; /* +1 for trailing NULL */
+ if (strsize) {
+ str = (char *) calloc(sizeof(char), strsize);
if (str != NULL) {
rc = Nread(fd, str, hsize, Ptcp);
if (rc >= 0) {
@@ -2701,6 +2704,10 @@ JSON_read(int fd)
}
}
free(str);
+ }
+ else {
+ printf("WARNING: Data length overflow\n");
+ }
}
return json;
}

BIN
iperf-3.16.tar.gz Normal file
View File

Binary file not shown.

BIN
iperf-3.6.tar.gz
View File

Binary file not shown.

12
iperf3.spec
View File

@ -1,11 +1,10 @@
Name: iperf3 Name: iperf3
Version: 3.6 Version: 3.16
Release: 6 Release: 1
Summary: TCP,UDP,and SCTP network bandwidth measurement tool Summary: TCP,UDP,and SCTP network bandwidth measurement tool
License: BSD License: BSD
URL: http://github.com/esnet/iperf URL: http://github.com/esnet/iperf
Source0: http://downloads.es.net/pub/iperf/iperf-%{version}.tar.gz Source0: https://github.com/esnet/iperf/archive/%{version}/iperf-%{version}.tar.gz
Patch0: CVE-2023-38403.patch
BuildRequires: libuuid-devel gcc BuildRequires: libuuid-devel gcc
Requires: %{name}-help = %{version}-%{release} Requires: %{name}-help = %{version}-%{release}
@ -39,7 +38,7 @@ mkdir -p %{buildroot}%{_mandir}/man1
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc README.md RELEASE_NOTES %doc README.md RELNOTES.md
%license LICENSE _esnet/LICENSE %license LICENSE _esnet/LICENSE
%{_bindir}/iperf3 %{_bindir}/iperf3
%{_libdir}/*.so.* %{_libdir}/*.so.*
@ -55,6 +54,9 @@ mkdir -p %{buildroot}%{_mandir}/man1
%{_mandir}/man3/libiperf.3.gz %{_mandir}/man3/libiperf.3.gz
%changelog %changelog
* Tue Apr 02 2024 yaoxin <yao_xin001@hoperun.com> - 3.16-1
- Upgrade to 3.16 for fix CVE-2023-7250
* Mon Aug 07 2023 yaoxin <yao_xin001@hoperun.com> - 3.6-6 * Mon Aug 07 2023 yaoxin <yao_xin001@hoperun.com> - 3.6-6
- Fix CVE-2023-38403 - Fix CVE-2023-38403