| Message ID | 20250917054831.2884291-1-peng.zhang1.cn@windriver.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe,scarthgap] iperf3: fix CVE-2025-54350 | expand |
On Wed, 2025-09-17 at 13:48 +0800, Zhang, Peng (Paul) (CN) via lists.openembedded.org wrote: > From: Zhang Peng <peng.zhang1.cn@windriver.com> > > CVE-2025-54350: > In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion > failure and application exit upon a malformed authentication attempt. > > Reference: > [https://nvd.nist.gov/vuln/detail/CVE-2025-54350] > > Upstream patches: > [ > https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c > 6df7934a] This seems to be affecting kirkstone and walnascar as well. Thanks, Anuj > > Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> > --- > .../iperf3/iperf3/CVE-2025-54350.patch | 39 > +++++++++++++++++++ > .../recipes-benchmark/iperf3/iperf3_3.18.bb | 1 + > 2 files changed, 40 insertions(+) > create mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025- > 54350.patch > > diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025- > 54350.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025- > 54350.patch > new file mode 100644 > index 0000000000..e6de0e810c > --- /dev/null > +++ b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch > @@ -0,0 +1,39 @@ > +From 4cd6c8e85376a33bddd01fac143e27436d41f2b9 Mon Sep 17 00:00:00 > 2001 > +From: "Bruce A. Mah" <bmah@es.net> > +Date: Tue, 24 Jun 2025 15:58:21 -0700 > +Subject: [PATCH] Prevent crash due to assertion failures on > malformed > + authentication attempt. > + > +Reported by Han Lee (Apple Information Security) > +CVE-2025-54350 > + > +CVE: CVE-2025-54350 > +Upstream-Status: Backport > [https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e92 > 8c6df7934a] > +Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> > +--- > + src/iperf_auth.c | 2 -- > + 1 file changed, 2 deletions(-) > + > +diff --git a/src/iperf_auth.c b/src/iperf_auth.c > +index 86b4eba..632f03d 100644 > +--- a/src/iperf_auth.c > ++++ b/src/iperf_auth.c > +@@ -28,7 +28,6 @@ > + #include "iperf_config.h" > + > + #include <string.h> > +-#include <assert.h> > + #include <time.h> > + #include <sys/types.h> > + /* FreeBSD needs _WITH_GETLINE to enable the getline() declaration > */ > +@@ -152,7 +151,6 @@ int Base64Decode(const char* b64message, > unsigned char** buffer, size_t* length) > + > + BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Do not use > newlines to flush buffer > + *length = BIO_read(bio, *buffer, strlen(b64message)); > +- assert(*length == decodeLen); //length should equal decodeLen, > else something went horribly wrong > + BIO_free_all(bio); > + > + return (0); //success > +-- > +2.50.0 > + > diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb b/meta- > oe/recipes-benchmark/iperf3/iperf3_3.18.bb > index e96d5f084b..7fb2c52d08 100644 > --- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb > +++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb > @@ -16,6 +16,7 @@ SRC_URI = > "git://github.com/esnet/iperf.git;branch=master;protocol=https \ > file://0002-Remove-pg-from-profile_CFLAGS.patch \ > file://0001-configure.ac-check-for-CPP-prog.patch \ > file://CVE-2025-54349.patch \ > + file://CVE-2025-54350.patch \ > " > > SRCREV = "2a2984488d6de8f7a2d1f5938e03ca7be57e227c" > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#119478): > https://lists.openembedded.org/g/openembedded-devel/message/119478 > Mute This Topic: https://lists.openembedded.org/mt/115286990/3616702 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: > https://lists.openembedded.org/g/openembedded-devel/unsub [ > anuj.mittal@intel.com] > -=-=-=-=-=-=-=-=-=-=-=-
On 9/18/25 10:02, Mittal, Anuj wrote: > CAUTION: This email comes from a non Wind River email account! > Do not click links or open attachments unless you recognize the sender and know the content is safe. > > On Wed, 2025-09-17 at 13:48 +0800, Zhang, Peng (Paul) (CN) via > lists.openembedded.org wrote: >> From: Zhang Peng<peng.zhang1.cn@windriver.com> >> >> CVE-2025-54350: >> In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion >> failure and application exit upon a malformed authentication attempt. >> >> Reference: >> [https://nvd.nist.gov/vuln/detail/CVE-2025-54350] >> >> Upstream patches: >> [ >> https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c >> 6df7934a] > This seems to be affecting kirkstone and walnascar as well. For *walnascar*, the CVE-2025-54349 patch has just been merged, so this patch is now fully suitable. For *kirkstone*, the iperf version is 3.14. This patch is suitable, but CVE-2025-54349 patch has not been backported yet. It would make sense to apply both patches together. thanks very much. //peng > > Thanks, > > Anuj > >> Signed-off-by: Zhang Peng<peng.zhang1.cn@windriver.com> >> --- >> .../iperf3/iperf3/CVE-2025-54350.patch | 39 >> +++++++++++++++++++ >> .../recipes-benchmark/iperf3/iperf3_3.18.bb | 1 + >> 2 files changed, 40 insertions(+) >> create mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025- >> 54350.patch >> >> diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025- >> 54350.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025- >> 54350.patch >> new file mode 100644 >> index 0000000000..e6de0e810c >> --- /dev/null >> +++ b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch >> @@ -0,0 +1,39 @@ >> +From 4cd6c8e85376a33bddd01fac143e27436d41f2b9 Mon Sep 17 00:00:00 >> 2001 >> +From: "Bruce A. Mah"<bmah@es.net> >> +Date: Tue, 24 Jun 2025 15:58:21 -0700 >> +Subject: [PATCH] Prevent crash due to assertion failures on >> malformed >> + authentication attempt. >> + >> +Reported by Han Lee (Apple Information Security) >> +CVE-2025-54350 >> + >> +CVE: CVE-2025-54350 >> +Upstream-Status: Backport >> [https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e92 >> 8c6df7934a] >> +Signed-off-by: Zhang Peng<peng.zhang1.cn@windriver.com> >> +--- >> + src/iperf_auth.c | 2 -- >> + 1 file changed, 2 deletions(-) >> + >> +diff --git a/src/iperf_auth.c b/src/iperf_auth.c >> +index 86b4eba..632f03d 100644 >> +--- a/src/iperf_auth.c >> ++++ b/src/iperf_auth.c >> +@@ -28,7 +28,6 @@ >> + #include "iperf_config.h" >> + >> + #include <string.h> >> +-#include <assert.h> >> + #include <time.h> >> + #include <sys/types.h> >> + /* FreeBSD needs _WITH_GETLINE to enable the getline() declaration >> */ >> +@@ -152,7 +151,6 @@ int Base64Decode(const char* b64message, >> unsigned char** buffer, size_t* length) >> + >> + BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Do not use >> newlines to flush buffer >> + *length = BIO_read(bio, *buffer, strlen(b64message)); >> +- assert(*length == decodeLen); //length should equal decodeLen, >> else something went horribly wrong >> + BIO_free_all(bio); >> + >> + return (0); //success >> +-- >> +2.50.0 >> + >> diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb b/meta- >> oe/recipes-benchmark/iperf3/iperf3_3.18.bb >> index e96d5f084b..7fb2c52d08 100644 >> --- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb >> +++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb >> @@ -16,6 +16,7 @@ SRC_URI = >> "git://github.com/esnet/iperf.git;branch=master;protocol=https \ >> file://0002-Remove-pg-from-profile_CFLAGS.patch \ >> file://0001-configure.ac-check-for-CPP-prog.patch \ >> file://CVE-2025-54349.patch \ >> +file://CVE-2025-54350.patch \ >> " >> >> SRCREV = "2a2984488d6de8f7a2d1f5938e03ca7be57e227c" >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#119478): >> https://lists.openembedded.org/g/openembedded-devel/message/119478 >> Mute This Topic:https://lists.openembedded.org/mt/115286990/3616702 >> Group Owner:openembedded-devel+owner@lists.openembedded.org >> Unsubscribe: >> https://lists.openembedded.org/g/openembedded-devel/unsub [ >> anuj.mittal@intel.com] >> -=-=-=-=-=-=-=-=-=-=-=-
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch new file mode 100644 index 0000000000..e6de0e810c --- /dev/null +++ b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch @@ -0,0 +1,39 @@ +From 4cd6c8e85376a33bddd01fac143e27436d41f2b9 Mon Sep 17 00:00:00 2001 +From: "Bruce A. Mah" <bmah@es.net> +Date: Tue, 24 Jun 2025 15:58:21 -0700 +Subject: [PATCH] Prevent crash due to assertion failures on malformed + authentication attempt. + +Reported by Han Lee (Apple Information Security) +CVE-2025-54350 + +CVE: CVE-2025-54350 +Upstream-Status: Backport [https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a] +Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> +--- + src/iperf_auth.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/iperf_auth.c b/src/iperf_auth.c +index 86b4eba..632f03d 100644 +--- a/src/iperf_auth.c ++++ b/src/iperf_auth.c +@@ -28,7 +28,6 @@ + #include "iperf_config.h" + + #include <string.h> +-#include <assert.h> + #include <time.h> + #include <sys/types.h> + /* FreeBSD needs _WITH_GETLINE to enable the getline() declaration */ +@@ -152,7 +151,6 @@ int Base64Decode(const char* b64message, unsigned char** buffer, size_t* length) + + BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Do not use newlines to flush buffer + *length = BIO_read(bio, *buffer, strlen(b64message)); +- assert(*length == decodeLen); //length should equal decodeLen, else something went horribly wrong + BIO_free_all(bio); + + return (0); //success +-- +2.50.0 + diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb b/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb index e96d5f084b..7fb2c52d08 100644 --- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb +++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \ file://0002-Remove-pg-from-profile_CFLAGS.patch \ file://0001-configure.ac-check-for-CPP-prog.patch \ file://CVE-2025-54349.patch \ + file://CVE-2025-54350.patch \ " SRCREV = "2a2984488d6de8f7a2d1f5938e03ca7be57e227c"