Fix a buffer overflow / heap corruption issue that could occur if a

malformed JSON string was passed on the control channel. This issue, present in the cJSON library, was already fixed upstream, so was addressed here in iperf3 by importing a newer version of cJSON (plus local ESnet modifications). Discovered and reported by Dave McDaniel, Cisco Talos. Based on a patch by @dopheide-esnet, with input from @DaveGamble. Cross-references: TALOS-CAN-0164, ESNET-SECADV-2016-0001, CVE-2016-4303 (cherry picked from commit ed94082) Signed-off-by: Bruce A. Mah <bmah@es.net>
esnet · Jun 3, 2016 · 91f2fa5 · 91f2fa5
1 parent fec5bd1
commit 91f2fa5
Show file tree

Hide file tree

Showing 5 changed files with 697 additions and 927 deletions.
diff --git a/configure.ac b/configure.ac
@@ -62,6 +62,12 @@ AC_HEADER_STDC
 # Check for systems which need -lsocket and -lnsl
 #AX_LIB_SOCKET_NSL
 
+# Check for the math library (needed by cjson on some platforms)
+AC_SEARCH_LIBS(floor, [m], [], [
+echo "floor()"
+exit 1
+])
+
 # Solaris puts nanosleep in -lrt
 AC_SEARCH_LIBS(nanosleep, [rt], [], [
 echo "nanosleep() required for timing operations."