diff --git a/SPECS/iperf3/CVE-2024-53580.patch b/SPECS/iperf3/CVE-2024-53580.patch new file mode 100644 index 00000000000..a91c612e31a --- /dev/null +++ b/SPECS/iperf3/CVE-2024-53580.patch @@ -0,0 +1,287 @@ +From 837c1f9389fc64938a6081517c34a749a11692b0 Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Tue, 31 Dec 2024 09:23:23 +0000 +Subject: [PATCH] Fix CVE-2024-53580 + +--- + src/iperf_api.c | 98 +++++++++++++++++++++++------------------------ + src/iperf_error.c | 6 +-- + src/iperf_util.c | 36 +++++++++++++++++ + src/iperf_util.h | 1 + + 4 files changed, 89 insertions(+), 52 deletions(-) + +diff --git a/src/iperf_api.c b/src/iperf_api.c +index 7fb741e..bb3be92 100644 +--- a/src/iperf_api.c ++++ b/src/iperf_api.c +@@ -2308,72 +2308,72 @@ get_parameters(struct iperf_test *test) + cJSON_free(str); + } + +- if ((j_p = cJSON_GetObjectItem(j, "tcp")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "tcp", cJSON_True)) != NULL) + set_protocol(test, Ptcp); +- if ((j_p = cJSON_GetObjectItem(j, "udp")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "udp", cJSON_True)) != NULL) + set_protocol(test, Pudp); +- if ((j_p = cJSON_GetObjectItem(j, "sctp")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "sctp", cJSON_True)) != NULL) + set_protocol(test, Psctp); +- if ((j_p = cJSON_GetObjectItem(j, "omit")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "omit", cJSON_Number)) != NULL) + test->omit = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "server_affinity")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "server_affinity", cJSON_Number)) != NULL) + test->server_affinity = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "time")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "time", cJSON_Number)) != NULL) + test->duration = j_p->valueint; + test->settings->bytes = 0; +- if ((j_p = cJSON_GetObjectItem(j, "num")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "num", cJSON_Number)) != NULL) + test->settings->bytes = j_p->valueint; + test->settings->blocks = 0; +- if ((j_p = cJSON_GetObjectItem(j, "blockcount")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "blockcount", cJSON_Number)) != NULL) + test->settings->blocks = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "MSS")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "MSS", cJSON_Number)) != NULL) + test->settings->mss = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "nodelay")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "nodelay", cJSON_True)) != NULL) + test->no_delay = 1; +- if ((j_p = cJSON_GetObjectItem(j, "parallel")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "parallel", cJSON_Number)) != NULL) + test->num_streams = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "reverse")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "reverse", cJSON_True)) != NULL) + iperf_set_test_reverse(test, 1); +- if ((j_p = cJSON_GetObjectItem(j, "bidirectional")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "bidirectional", cJSON_True)) != NULL) + iperf_set_test_bidirectional(test, 1); +- if ((j_p = cJSON_GetObjectItem(j, "window")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "window", cJSON_Number)) != NULL) + test->settings->socket_bufsize = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "len")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "len", cJSON_Number)) != NULL) + test->settings->blksize = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "bandwidth")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "bandwidth", cJSON_Number)) != NULL) + test->settings->rate = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "fqrate")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "fqrate", cJSON_Number)) != NULL) + test->settings->fqrate = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "pacing_timer")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "pacing_timer", cJSON_Number)) != NULL) + test->settings->pacing_timer = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "burst")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "burst", cJSON_Number)) != NULL) + test->settings->burst = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "TOS")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "TOS", cJSON_Number)) != NULL) + test->settings->tos = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "flowlabel")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "flowlabel", cJSON_Number)) != NULL) + test->settings->flowlabel = j_p->valueint; +- if ((j_p = cJSON_GetObjectItem(j, "title")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "title", cJSON_String)) != NULL) + test->title = strdup(j_p->valuestring); +- if ((j_p = cJSON_GetObjectItem(j, "extra_data")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "extra_data", cJSON_String)) != NULL) + test->extra_data = strdup(j_p->valuestring); +- if ((j_p = cJSON_GetObjectItem(j, "congestion")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "congestion", cJSON_String)) != NULL) + test->congestion = strdup(j_p->valuestring); +- if ((j_p = cJSON_GetObjectItem(j, "congestion_used")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "congestion_used", cJSON_String)) != NULL) + test->congestion_used = strdup(j_p->valuestring); +- if ((j_p = cJSON_GetObjectItem(j, "get_server_output")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "get_server_output", cJSON_Number)) != NULL) + iperf_set_test_get_server_output(test, 1); +- if ((j_p = cJSON_GetObjectItem(j, "udp_counters_64bit")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "udp_counters_64bit", cJSON_Number)) != NULL) + iperf_set_test_udp_counters_64bit(test, 1); +- if ((j_p = cJSON_GetObjectItem(j, "repeating_payload")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "repeating_payload", cJSON_Number)) != NULL) + test->repeating_payload = 1; +- if ((j_p = cJSON_GetObjectItem(j, "zerocopy")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "zerocopy", cJSON_Number)) != NULL) + test->zerocopy = j_p->valueint; + #if defined(HAVE_DONT_FRAGMENT) +- if ((j_p = cJSON_GetObjectItem(j, "dont_fragment")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "dont_fragment", cJSON_Number)) != NULL) + test->settings->dont_fragment = j_p->valueint; + #endif /* HAVE_DONT_FRAGMENT */ + #if defined(HAVE_SSL) +- if ((j_p = cJSON_GetObjectItem(j, "authtoken")) != NULL) ++ if ((j_p = iperf_cJSON_GetObjectItemType(j, "authtoken", cJSON_String)) != NULL) + test->settings->authtoken = strdup(j_p->valuestring); + #endif //HAVE_SSL + if (test->mode && test->protocol->id == Ptcp && has_tcpinfo_retransmits()) +@@ -2532,10 +2532,10 @@ get_results(struct iperf_test *test) + i_errno = IERECVRESULTS; + r = -1; + } else { +- j_cpu_util_total = cJSON_GetObjectItem(j, "cpu_util_total"); +- j_cpu_util_user = cJSON_GetObjectItem(j, "cpu_util_user"); +- j_cpu_util_system = cJSON_GetObjectItem(j, "cpu_util_system"); +- j_sender_has_retransmits = cJSON_GetObjectItem(j, "sender_has_retransmits"); ++ j_cpu_util_total = iperf_cJSON_GetObjectItemType(j, "cpu_util_total", cJSON_Number); ++ j_cpu_util_user = iperf_cJSON_GetObjectItemType(j, "cpu_util_user", cJSON_Number); ++ j_cpu_util_system = iperf_cJSON_GetObjectItemType(j, "cpu_util_system", cJSON_Number); ++ j_sender_has_retransmits = iperf_cJSON_GetObjectItemType(j, "sender_has_retransmits", cJSON_Number); + if (j_cpu_util_total == NULL || j_cpu_util_user == NULL || j_cpu_util_system == NULL || j_sender_has_retransmits == NULL) { + i_errno = IERECVRESULTS; + r = -1; +@@ -2557,7 +2557,7 @@ get_results(struct iperf_test *test) + else if ( test->mode == BIDIRECTIONAL ) + test->other_side_has_retransmits = result_has_retransmits; + +- j_streams = cJSON_GetObjectItem(j, "streams"); ++ j_streams = iperf_cJSON_GetObjectItemType(j, "streams", cJSON_Array); + if (j_streams == NULL) { + i_errno = IERECVRESULTS; + r = -1; +@@ -2569,16 +2569,16 @@ get_results(struct iperf_test *test) + i_errno = IERECVRESULTS; + r = -1; + } else { +- j_id = cJSON_GetObjectItem(j_stream, "id"); +- j_bytes = cJSON_GetObjectItem(j_stream, "bytes"); +- j_retransmits = cJSON_GetObjectItem(j_stream, "retransmits"); +- j_jitter = cJSON_GetObjectItem(j_stream, "jitter"); +- j_errors = cJSON_GetObjectItem(j_stream, "errors"); +- j_omitted_errors = cJSON_GetObjectItem(j_stream, "omitted_errors"); +- j_packets = cJSON_GetObjectItem(j_stream, "packets"); +- j_omitted_packets = cJSON_GetObjectItem(j_stream, "omitted_packets"); +- j_start_time = cJSON_GetObjectItem(j_stream, "start_time"); +- j_end_time = cJSON_GetObjectItem(j_stream, "end_time"); ++ j_id = iperf_cJSON_GetObjectItemType(j_stream, "id", cJSON_Number); ++ j_bytes = iperf_cJSON_GetObjectItemType(j_stream, "bytes", cJSON_Number); ++ j_retransmits = iperf_cJSON_GetObjectItemType(j_stream, "retransmits", cJSON_Number); ++ j_jitter = iperf_cJSON_GetObjectItemType(j_stream, "jitter", cJSON_Number); ++ j_errors = iperf_cJSON_GetObjectItemType(j_stream, "errors", cJSON_Number); ++ j_omitted_errors = iperf_cJSON_GetObjectItemType(j_stream, "omitted_errors", cJSON_Number); ++ j_packets = iperf_cJSON_GetObjectItemType(j_stream, "packets", cJSON_Number); ++ j_omitted_packets = iperf_cJSON_GetObjectItemType(j_stream, "omitted_packets", cJSON_Number); ++ j_start_time = iperf_cJSON_GetObjectItemType(j_stream, "start_time", cJSON_Number); ++ j_end_time = iperf_cJSON_GetObjectItemType(j_stream, "end_time", cJSON_Number); + if (j_id == NULL || j_bytes == NULL || j_retransmits == NULL || j_jitter == NULL || j_errors == NULL || j_packets == NULL) { + i_errno = IERECVRESULTS; + r = -1; +@@ -2667,7 +2667,7 @@ get_results(struct iperf_test *test) + } + else { + /* No JSON, look for textual output. Make a copy of the text for later. */ +- j_server_output = cJSON_GetObjectItem(j, "server_output_text"); ++ j_server_output = iperf_cJSON_GetObjectItemType(j, "server_output_text", cJSON_String); + if (j_server_output != NULL) { + test->server_output_text = strdup(j_server_output->valuestring); + } +@@ -2676,7 +2676,7 @@ get_results(struct iperf_test *test) + } + } + +- j_remote_congestion_used = cJSON_GetObjectItem(j, "congestion_used"); ++ j_remote_congestion_used = iperf_cJSON_GetObjectItemType(j, "congestion_used", cJSON_String); + if (j_remote_congestion_used != NULL) { + test->remote_congestion_used = strdup(j_remote_congestion_used->valuestring); + } +@@ -4878,7 +4878,7 @@ iperf_json_finish(struct iperf_test *test) + + /* --json-stream, so we print various individual objects */ + if (test->json_stream) { +- cJSON *error = cJSON_GetObjectItem(test->json_top, "error"); ++ cJSON *error = iperf_cJSON_GetObjectItemType(test->json_top, "error", cJSON_String); + if (error) { + JSONStream_Output(test, "error", error); + } +diff --git a/src/iperf_error.c b/src/iperf_error.c +index 0fedf31..3cb9b45 100644 +--- a/src/iperf_error.c ++++ b/src/iperf_error.c +@@ -60,11 +60,11 @@ iperf_err(struct iperf_test *test, const char *format, ...) + if (test != NULL && test->json_output && test->json_top != NULL) + cJSON_AddStringToObject(test->json_top, "error", str); + else { +- if (pthread_mutex_lock(&(test->print_mutex)) != 0) { ++ if (test != NULL && pthread_mutex_lock(&(test->print_mutex)) != 0) { + perror("iperf_err: pthread_mutex_lock"); + } + +- if (test && test->outfile && test->outfile != stdout) { ++ if (test != NULL && test->outfile != NULL && test->outfile != stdout) { + if (ct) { + fprintf(test->outfile, "%s", ct); + } +@@ -77,7 +77,7 @@ iperf_err(struct iperf_test *test, const char *format, ...) + fprintf(stderr, "iperf3: %s\n", str); + } + +- if (pthread_mutex_unlock(&(test->print_mutex)) != 0) { ++ if (test != NULL && pthread_mutex_unlock(&(test->print_mutex)) != 0) { + perror("iperf_err: pthread_mutex_unlock"); + } + +diff --git a/src/iperf_util.c b/src/iperf_util.c +index 81e8da1..a8a32e1 100644 +--- a/src/iperf_util.c ++++ b/src/iperf_util.c +@@ -430,6 +430,42 @@ iperf_json_printf(const char *format, ...) + return o; + } + ++/********************** cJSON GetObjectItem w/ Type Helper ********************/ ++cJSON * iperf_cJSON_GetObjectItemType(cJSON * j, char * item_string, int expected_type){ ++ cJSON *j_p; ++ if((j_p = cJSON_GetObjectItem(j, item_string)) != NULL) ++ switch(expected_type){ ++ case cJSON_True: ++ if(cJSON_IsBool(j_p)) ++ return j_p; ++ else ++ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string); ++ break; ++ case cJSON_String: ++ if(cJSON_IsString(j_p)) ++ return j_p; ++ else ++ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string); ++ break; ++ case cJSON_Number: ++ if(cJSON_IsNumber(j_p)) ++ return j_p; ++ else ++ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string); ++ break; ++ case cJSON_Array: ++ if(cJSON_IsArray(j_p)) ++ return j_p; ++ else ++ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string); ++ break; ++ default: ++ iperf_err(NULL, "unsupported type"); ++ } ++ ++ return NULL; ++} ++ + /* Debugging routine to dump out an fd_set. */ + void + iperf_dump_fdset(FILE *fp, const char *str, int nfds, fd_set *fds) +diff --git a/src/iperf_util.h b/src/iperf_util.h +index b109af2..c39a1f7 100644 +--- a/src/iperf_util.h ++++ b/src/iperf_util.h +@@ -53,6 +53,7 @@ const char* get_system_info(void); + const char* get_optional_features(void); + + cJSON* iperf_json_printf(const char *format, ...); ++cJSON * iperf_cJSON_GetObjectItemType(cJSON * j_p, char * item_string, int expected_type); + + void iperf_dump_fdset(FILE *fp, const char *str, int nfds, fd_set *fds); + +-- +2.45.2 + diff --git a/SPECS/iperf3/iperf3.spec b/SPECS/iperf3/iperf3.spec index 77ae18a0319..6b5adf200cc 100644 --- a/SPECS/iperf3/iperf3.spec +++ b/SPECS/iperf3/iperf3.spec @@ -1,7 +1,7 @@ Summary: A network performance benchmark tool. Name: iperf3 Version: 3.17.1 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD and MIT and Public Domain Vendor: Microsoft Corporation Distribution: Azure Linux @@ -9,6 +9,7 @@ Group: Applications/System URL: https://github.com/esnet/iperf Source0: https://github.com/esnet/iperf/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Patch1: disablepg.patch +Patch2: CVE-2024-53580.patch BuildRequires: autoconf >= 2.71 BuildRequires: automake @@ -66,6 +67,9 @@ make %{?_smp_mflags} check %{_mandir}/man3/libiperf.3.gz %changelog +* Tue Dec 31 2024 Kanishk Bansal - 3.17.1-2 +- Address CVE-2024-53580 using an upstream patch. + * Fri Aug 09 2024 Muhammad Falak - 3.17.1-1 - Update version to 3.17.1 to address CVE-2024-26306