mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
iperf3: upgrade 3.14 -> 3.15
Changelog:
===========
Several bugs that could allow the iperf3 server to hang waiting
for input on the control connection has been fixed.
A bug that caused garbled output with UDP tests on 32-bit hosts
has been fixed (PR #1554, PR #1556). This bug was introduced in
iperf-3.14.
A bug in counting UDP messages has been fixed (PR #1367, PR
#1380).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8765f02ffb)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
committed by
Gyorgy Sarvari
parent
23d9cf882f
commit
41b10de52e
@@ -1,133 +0,0 @@
|
|||||||
From 5e3704dd850a5df2fb2b3eafd117963d017d07b4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Bruce A. Mah" <bmah@es.net>
|
|
||||||
Date: Tue, 1 Aug 2023 14:02:54 -0700
|
|
||||||
Subject: [PATCH] Implement fixes to make the control connection more robust.
|
|
||||||
|
|
||||||
These include various timeouts in Nread() to guarantee that it will
|
|
||||||
eventually exit, a 10-second timeout for each attempt to read data
|
|
||||||
from the network and an approximately 30-second overall timeout per
|
|
||||||
Nread() call.
|
|
||||||
|
|
||||||
Also the iperf3 server now checks the length of the received session
|
|
||||||
cookie, and errors out if this happens to be incorrect.
|
|
||||||
|
|
||||||
Reported by Jorge Sancho Larraz - Canonical.
|
|
||||||
|
|
||||||
CVE: CVE-2023-7250
|
|
||||||
|
|
||||||
Upstream-Status: Backport [https://github.com/esnet/iperf/commit/5e3704dd850a5df2fb2b3eafd117963d017d07b4]
|
|
||||||
|
|
||||||
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
|
|
||||||
---
|
|
||||||
src/iperf_server_api.c | 7 ++++-
|
|
||||||
src/net.c | 62 ++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
2 files changed, 68 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/iperf_server_api.c b/src/iperf_server_api.c
|
|
||||||
index 18f105d..ae916f5 100644
|
|
||||||
--- a/src/iperf_server_api.c
|
|
||||||
+++ b/src/iperf_server_api.c
|
|
||||||
@@ -140,7 +140,12 @@ iperf_accept(struct iperf_test *test)
|
|
||||||
}
|
|
||||||
#endif /* HAVE_TCP_USER_TIMEOUT */
|
|
||||||
|
|
||||||
- if (Nread(test->ctrl_sck, test->cookie, COOKIE_SIZE, Ptcp) < 0) {
|
|
||||||
+ if (Nread(test->ctrl_sck, test->cookie, COOKIE_SIZE, Ptcp) != COOKIE_SIZE) {
|
|
||||||
+ /*
|
|
||||||
+ * Note this error covers both the case of a system error
|
|
||||||
+ * or the inability to read the correct amount of data
|
|
||||||
+ * (i.e. timed out).
|
|
||||||
+ */
|
|
||||||
i_errno = IERECVCOOKIE;
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
diff --git a/src/net.c b/src/net.c
|
|
||||||
index 1a88155..b80fb64 100644
|
|
||||||
--- a/src/net.c
|
|
||||||
+++ b/src/net.c
|
|
||||||
@@ -65,6 +65,9 @@
|
|
||||||
#include "net.h"
|
|
||||||
#include "timer.h"
|
|
||||||
|
|
||||||
+static int nread_read_timeout = 10;
|
|
||||||
+static int nread_overall_timeout = 30;
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Declaration of gerror in iperf_error.c. Most other files in iperf3 can get this
|
|
||||||
* by including "iperf.h", but net.c lives "below" this layer. Clearly the
|
|
||||||
@@ -372,6 +375,32 @@ Nread(int fd, char *buf, size_t count, int prot)
|
|
||||||
{
|
|
||||||
register ssize_t r;
|
|
||||||
register size_t nleft = count;
|
|
||||||
+ struct iperf_time ftimeout = { 0, 0 };
|
|
||||||
+
|
|
||||||
+ fd_set rfdset;
|
|
||||||
+ struct timeval timeout = { nread_read_timeout, 0 };
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * fd might not be ready for reading on entry. Check for this
|
|
||||||
+ * (with timeout) first.
|
|
||||||
+ *
|
|
||||||
+ * This check could go inside the while() loop below, except we're
|
|
||||||
+ * currently considering whether it might make sense to support a
|
|
||||||
+ * codepath that bypassese this check, for situations where we
|
|
||||||
+ * already know that fd has data on it (for example if we'd gotten
|
|
||||||
+ * to here as the result of a select() call.
|
|
||||||
+ */
|
|
||||||
+ {
|
|
||||||
+ FD_ZERO(&rfdset);
|
|
||||||
+ FD_SET(fd, &rfdset);
|
|
||||||
+ r = select(fd + 1, &rfdset, NULL, NULL, &timeout);
|
|
||||||
+ if (r < 0) {
|
|
||||||
+ return NET_HARDERROR;
|
|
||||||
+ }
|
|
||||||
+ if (r == 0) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
while (nleft > 0) {
|
|
||||||
r = read(fd, buf, nleft);
|
|
||||||
@@ -385,6 +414,39 @@ Nread(int fd, char *buf, size_t count, int prot)
|
|
||||||
|
|
||||||
nleft -= r;
|
|
||||||
buf += r;
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * We need some more bytes but don't want to wait around
|
|
||||||
+ * forever for them. In the case of partial results, we need
|
|
||||||
+ * to be able to read some bytes every nread_timeout seconds.
|
|
||||||
+ */
|
|
||||||
+ if (nleft > 0) {
|
|
||||||
+ struct iperf_time now;
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Also, we have an approximate upper limit for the total time
|
|
||||||
+ * that a Nread call is supposed to take. We trade off accuracy
|
|
||||||
+ * of this timeout for a hopefully lower performance impact.
|
|
||||||
+ */
|
|
||||||
+ iperf_time_now(&now);
|
|
||||||
+ if (ftimeout.secs == 0) {
|
|
||||||
+ ftimeout = now;
|
|
||||||
+ iperf_time_add_usecs(&ftimeout, nread_overall_timeout * 1000000L);
|
|
||||||
+ }
|
|
||||||
+ if (iperf_time_compare(&ftimeout, &now) < 0) {
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ FD_ZERO(&rfdset);
|
|
||||||
+ FD_SET(fd, &rfdset);
|
|
||||||
+ r = select(fd + 1, &rfdset, NULL, NULL, &timeout);
|
|
||||||
+ if (r < 0) {
|
|
||||||
+ return NET_HARDERROR;
|
|
||||||
+ }
|
|
||||||
+ if (r == 0) {
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
return count - nleft;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.40.0
|
|
||||||
|
|
||||||
+1
-2
@@ -18,12 +18,11 @@ SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \
|
|||||||
file://0001-configure.ac-check-for-CPP-prog.patch \
|
file://0001-configure.ac-check-for-CPP-prog.patch \
|
||||||
file://CVE-2025-54350.patch \
|
file://CVE-2025-54350.patch \
|
||||||
file://CVE-2025-54349.patch \
|
file://CVE-2025-54349.patch \
|
||||||
file://CVE-2023-7250.patch \
|
|
||||||
file://CVE-2024-26306.patch \
|
file://CVE-2024-26306.patch \
|
||||||
file://CVE-2024-53580.patch \
|
file://CVE-2024-53580.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRCREV = "a0be85934144bc04712a6695b14ea6e45c379e1d"
|
SRCREV = "917d2f02188f6f4cdc443df7923a4bde72017d92"
|
||||||
|
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|
||||||
Reference in New Issue
Block a user