mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 17:59:59 +00:00
Code Issues Projects Releases Wiki Activity

iperf3: Fix CVE-2025-54349

Browse Source 
This commit fix heap overflow for iperf3 package

Reference: https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf

Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Nitin Wankhade
2025-09-22 09:08:19 +05:30
committed by Gyorgy Sarvari
parent bfa5f662db
commit 8f65fa4e2e
2 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch
+56
View File
@@ -0,0 +1,56 @@
Subject: [PATCH] iperf3: Fix CVE-2025-54349
CVE: CVE-2025-54349
Upstream-Status: Backport [https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf]
Comment: Patch is refreshed as per codebase of 3.14
Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
---
--- a/src/iperf_auth.c 2025-08-19 12:02:47.706337000 +0530
+++ b/src/iperf_auth.c 2025-09-15 12:50:47.933400511 +0530
@@ -264,7 +264,8 @@
keysize = RSA_size(rsa);
rsa_buffer = OPENSSL_malloc(keysize * 2);
- *plaintext = (unsigned char*)OPENSSL_malloc(keysize);
+ // Note: +1 for NULL
+ *plaintext = (unsigned char*)OPENSSL_malloc(keysize + 1);
BIO *bioBuff = BIO_new_mem_buf((void*)encryptedtext, encryptedtext_len);
rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2);
@@ -274,7 +275,7 @@
OPENSSL_free(rsa_buffer);
BIO_free(bioBuff);
- if (plaintext_len < 0) {
+ if (plaintext_len <= 0) {
/* We probably shouldn't be printing stuff like this */
fprintf(stderr, "%s\n", ERR_error_string(ERR_get_error(), NULL));
}
@@ -320,7 +321,7 @@
int plaintext_len;
plaintext_len = decrypt_rsa_message(encrypted_b64, encrypted_len_b64, private_key, &plaintext);
free(encrypted_b64);
- if (plaintext_len < 0) {
+ if (plaintext_len <= 0) {
return -1;
}
plaintext[plaintext_len] = '\0';
@@ -328,16 +329,19 @@
char *s_username, *s_password;
s_username = (char *) calloc(plaintext_len, sizeof(char));
if (s_username == NULL) {
+ OPENSSL_free(plaintext);
return -1;
}
s_password = (char *) calloc(plaintext_len, sizeof(char));
if (s_password == NULL) {
+ OPENSSL_free(plaintext);
free(s_username);
return -1;
}
int rc = sscanf((char *) plaintext, auth_text_format, s_username, s_password, &utc_seconds);
if (rc != 3) {
+ OPENSSL_free(plaintext);
free(s_password);
free(s_username);
return -1;
meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
+1
View File
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \
file://0002-Remove-pg-from-profile_CFLAGS.patch \ file://0002-Remove-pg-from-profile_CFLAGS.patch \
file://0001-configure.ac-check-for-CPP-prog.patch \ file://0001-configure.ac-check-for-CPP-prog.patch \
file://CVE-2025-54350.patch \ file://CVE-2025-54350.patch \
file://CVE-2025-54349.patch \
" "
SRCREV = "a0be85934144bc04712a6695b14ea6e45c379e1d" SRCREV = "a0be85934144bc04712a6695b14ea6e45c379e1d"