Overview

File CVE-2023-38403.patch of Package iperf.29885

From 0ef151550d96cc4460f98832df84b4a1e87c65e9 Mon Sep 17 00:00:00 2001
From: "Bruce A. Mah" <bmah@es.net>
Date: Fri, 7 Jul 2023 11:35:02 -0700
Subject: [PATCH] Fix memory allocation hazard (#1542). (#1543)

Reported by:	@someusername123 on GitHub
---
 src/iperf_api.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Index: iperf-3.5/src/iperf_api.c
===================================================================
--- iperf-3.5.orig/src/iperf_api.c
+++ iperf-3.5/src/iperf_api.c
@@ -1893,6 +1893,7 @@ static cJSON *
 JSON_read(int fd)
 {
     uint32_t hsize, nsize;
+    size_t strsize;
     char *str;
     cJSON *json = NULL;
     int rc;
@@ -1905,7 +1906,9 @@ JSON_read(int fd)
     if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) {
 	hsize = ntohl(nsize);
 	/* Allocate a buffer to hold the JSON */
-	str = (char *) calloc(sizeof(char), hsize+1);	/* +1 for trailing null */
+	strsize = hsize + 1;              /* +1 for trailing NULL */
+	if (strsize) {
+	str = (char *) calloc(sizeof(char), strsize);
 	if (str != NULL) {
 	    rc = Nread(fd, str, hsize, Ptcp);
 	    if (rc >= 0) {
@@ -1924,6 +1927,10 @@ JSON_read(int fd)
 	    }
 	}
 	free(str);
+	}
+	else {
+	    printf("WARNING:  Data length overflow\n");
+	}
     }
     return json;
 }
openSUSE Build Service is sponsored by
Places