From 41b10de52e0a02b8badc62b409dccb9f9bf8b3d6 Mon Sep 17 00:00:00 2001
From: Wang Mingyu
Date: Tue, 19 Sep 2023 15:32:31 +0800
Subject: [PATCH] iperf3: upgrade 3.14 -> 3.15
Changelog:
===========
Several bugs that could allow the iperf3 server to hang waiting for input on the control connection has been fixed. A bug that caused garbled output with UDP tests on 32-bit hosts has been fixed (PR #1554, PR #1556). This bug was introduced in iperf-3.14. A bug in counting UDP messages has been fixed (PR #1367, PR #1380).
Signed-off-by: Wang Mingyu
Signed-off-by: Khem Raj
(cherry picked from commit 8765f02ffb85ddff21e461b716ef3f86d368cb4e)
Signed-off-by: Gyorgy Sarvari
---
 .../iperf3/iperf3/CVE-2023-7250.patch | 133 ------------------
 .../iperf3/{iperf3_3.14.bb => iperf3_3.15.bb} | 3 +-
 2 files changed, 1 insertion(+), 135 deletions(-)
 delete mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2023-7250.patch
 rename meta-oe/recipes-benchmark/iperf3/{iperf3_3.14.bb => iperf3_3.15.bb} (93%)
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2023-7250.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2023-7250.patch
deleted file mode 100644
index 6000480de7..0000000000
--- a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2023-7250.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From 5e3704dd850a5df2fb2b3eafd117963d017d07b4 Mon Sep 17 00:00:00 2001
-From: "Bruce A. Mah"
-Date: Tue, 1 Aug 2023 14:02:54 -0700
-Subject: [PATCH] Implement fixes to make the control connection more robust.
-
-These include various timeouts in Nread() to guarantee that it will
-eventually exit, a 10-second timeout for each attempt to read data
-from the network and an approximately 30-second overall timeout per
-Nread() call.
-
-Also the iperf3 server now checks the length of the received session
-cookie, and errors out if this happens to be incorrect.
-
-Reported by Jorge Sancho Larraz - Canonical.
-
-CVE: CVE-2023-7250
-
-Upstream-Status: Backport [https://github.com/esnet/iperf/commit/5e3704dd850a5df2fb2b3eafd117963d017d07b4]
-
-Signed-off-by: Soumya Sambu
----
- src/iperf_server_api.c | 7 ++++-
- src/net.c | 62 ++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 68 insertions(+), 1 deletion(-)
-
-diff --git a/src/iperf_server_api.c b/src/iperf_server_api.c
-index 18f105d..ae916f5 100644
---- a/src/iperf_server_api.c
-+++ b/src/iperf_server_api.c
-@@ -140,7 +140,12 @@ iperf_accept(struct iperf_test *test)
- }
- #endif /* HAVE_TCP_USER_TIMEOUT */
-
-- if (Nread(test->ctrl_sck, test->cookie, COOKIE_SIZE, Ptcp) < 0) {
-+ if (Nread(test->ctrl_sck, test->cookie, COOKIE_SIZE, Ptcp) != COOKIE_SIZE) {
-+ /*
-+ * Note this error covers both the case of a system error
-+ * or the inability to read the correct amount of data
-+ * (i.e. timed out).
-+ */
- i_errno = IERECVCOOKIE;
- return -1;
- }
-diff --git a/src/net.c b/src/net.c
-index 1a88155..b80fb64 100644
---- a/src/net.c
-+++ b/src/net.c
-@@ -65,6 +65,9 @@
- #include "net.h"
- #include "timer.h"
-
-+static int nread_read_timeout = 10;
-+static int nread_overall_timeout = 30;
-+
- /*
- * Declaration of gerror in iperf_error.c. Most other files in iperf3 can get this
- * by including "iperf.h", but net.c lives "below" this layer. Clearly the
-@@ -372,6 +375,32 @@ Nread(int fd, char *buf, size_t count, int prot)
- {
- register ssize_t r;
- register size_t nleft = count;
-+ struct iperf_time ftimeout = { 0, 0 };
-+
-+ fd_set rfdset;
-+ struct timeval timeout = { nread_read_timeout, 0 };
-+
-+ /*
-+ * fd might not be ready for reading on entry. Check for this
-+ * (with timeout) first.
-+ *
-+ * This check could go inside the while() loop below, except we're
-+ * currently considering whether it might make sense to support a
-+ * codepath that bypassese this check, for situations where we
-+ * already know that fd has data on it (for example if we'd gotten
-+ * to here as the result of a select() call.
-+ */
-+ {
-+ FD_ZERO(&rfdset);
-+ FD_SET(fd, &rfdset);
-+ r = select(fd + 1, &rfdset, NULL, NULL, &timeout);
-+ if (r < 0) {
-+ return NET_HARDERROR;
-+ }
-+ if (r == 0) {
-+ return 0;
-+ }
-+ }
-
- while (nleft > 0) {
- r = read(fd, buf, nleft);
-@@ -385,6 +414,39 @@ Nread(int fd, char *buf, size_t count, int prot)
-
- nleft -= r;
- buf += r;
-+
-+ /*
-+ * We need some more bytes but don't want to wait around
-+ * forever for them. In the case of partial results, we need
-+ * to be able to read some bytes every nread_timeout seconds.
-+ */
-+ if (nleft > 0) {
-+ struct iperf_time now;
-+
-+ /*
-+ * Also, we have an approximate upper limit for the total time
-+ * that a Nread call is supposed to take. We trade off accuracy
-+ * of this timeout for a hopefully lower performance impact.
-+ */
-+ iperf_time_now(&now);
-+ if (ftimeout.secs == 0) {
-+ ftimeout = now;
-+ iperf_time_add_usecs(&ftimeout, nread_overall_timeout * 1000000L);
-+ }
-+ if (iperf_time_compare(&ftimeout, &now) < 0) {
-+ break;
-+ }
-+
-+ FD_ZERO(&rfdset);
-+ FD_SET(fd, &rfdset);
-+ r = select(fd + 1, &rfdset, NULL, NULL, &timeout);
-+ if (r < 0) {
-+ return NET_HARDERROR;
-+ }
-+ if (r == 0) {
-+ break;
-+ }
-+ }
- }
- return count - nleft;
- }
---
-2.40.0
-
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb b/meta-oe/recipes-benchmark/iperf3/iperf3_3.15.bb
similarity index 93%
rename from meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
rename to meta-oe/recipes-benchmark/iperf3/iperf3_3.15.bb
index e93434fbf9..d708d74b38 100644
--- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
+++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.15.bb
@@ -18,12 +18,11 @@ SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \
 file://0001-configure.ac-check-for-CPP-prog.patch \
 file://CVE-2025-54350.patch \
 file://CVE-2025-54349.patch \
- file://CVE-2023-7250.patch \
 file://CVE-2024-26306.patch \
 file://CVE-2024-53580.patch \
 "
-SRCREV = "a0be85934144bc04712a6695b14ea6e45c379e1d"
+SRCREV = "917d2f02188f6f4cdc443df7923a4bde72017d92"
 S = "${WORKDIR}/git"
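Review bot: The SRC_URI hunk drops `file://CVE-2023-7250.patch`, but the commit message never ties that removal to the upgrade; the changelog only mentions control-connection hang fixes in general terms. The deleted patch records its origin as upstream commit 5e3704dd850a5df2fb2b3eafd117963d017d07b4, so the message should confirm that the new SRCREV contains it, for example `Drop CVE-2023-7250.patch, the fix is included in 3.15`, which keeps the recipe's CVE status auditable. The four CVE patches that stay in SRC_URI were carried on top of 3.14 and presumably still have to apply unchanged to the 3.15 sources; whether they do is not visible from this hunk.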