Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix a buffer overflow / heap corruption issue that could occur if a
malformed JSON string was passed on the control channel.  This issue,
present in the cJSON library, was already fixed upstream, so was
addressed here in iperf3 by importing a newer version of cJSON (plus
local ESnet modifications).

Discovered and reported by Dave McDaniel, Cisco Talos.

Based on a patch by @dopheide-esnet, with input from @DaveGamble.

Cross-references:  TALOS-CAN-0164, ESNET-SECADV-2016-0001,
CVE-2016-4303

(cherry picked from commit ed94082)
Signed-off-by: Bruce A. Mah <bmah@es.net>
  • Loading branch information
bmah888 committed Jun 3, 2016
1 parent fec5bd1 commit 91f2fa5
Show file tree
Hide file tree
Showing 5 changed files with 697 additions and 927 deletions.
6 changes: 6 additions & 0 deletions configure.ac
Expand Up @@ -62,6 +62,12 @@ AC_HEADER_STDC
# Check for systems which need -lsocket and -lnsl
#AX_LIB_SOCKET_NSL

# Check for the math library (needed by cjson on some platforms)
AC_SEARCH_LIBS(floor, [m], [], [
echo "floor()"
exit 1
])

# Solaris puts nanosleep in -lrt
AC_SEARCH_LIBS(nanosleep, [rt], [], [
echo "nanosleep() required for timing operations."
Expand Down

0 comments on commit 91f2fa5

Please sign in to comment.