Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix a buffer overflow / heap corruption issue that could occur if a
malformed JSON string was passed on the control channel. This issue, present in the cJSON library, was already fixed upstream, so was addressed here in iperf3 by importing a newer version of cJSON (plus local ESnet modifications). Discovered and reported by Dave McDaniel, Cisco Talos. Based on a patch by @dopheide-esnet, with input from @DaveGamble. Cross-references: TALOS-CAN-0164, ESNET-SECADV-2016-0001, CVE-2016-4303 (cherry picked from commit ed94082) Signed-off-by: Bruce A. Mah <bmah@es.net>
- Loading branch information