iperf3: Fix CVE-2024-53580

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. References: https://nvd.nist.gov/vuln/detail/CVE-2024-53580 https://security-tracker.debian.org/tracker/CVE-2024-53580 Upstream patch: https://github.com/esnet/iperf/commit/3f66f604df7f1038a49108c48612c2f4fe71331f Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2025-09-26 17:14:30 +0530
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-09-26 15:13:03 +0200
commit: df818896067ccd23e9daa350c8bd5eca2c5edd63 (patch)
tree: 472a6c3de65cf3bad51036ee33ef8389f04cd74f
parent: b8333d7c6f794b314a6ea09645aff4be6c32b6d9 (diff)
download: meta-openembedded-df818896067ccd23e9daa350c8bd5eca2c5edd63.tar.gz
2 files changed, 277 insertions, 0 deletions
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2024-53580.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2024-53580.patch
new file mode 100644
index 0000000000..99ef69aea0
--- /dev/null
+++ b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2024-53580.patch
@@ -0,0 +1,276 @@
+From 3f66f604df7f1038a49108c48612c2f4fe71331f Mon Sep 17 00:00:00 2001
+From: Sarah Larsen <swlarsen@es.net>
+Date: Fri, 15 Nov 2024 23:23:05 +0000
+Subject: [PATCH] Add a variant of cJSON_GetObjectItem that does type-checking.
+This avoids a potential server crash with malformed iperf3
+parameter sets. (CVE-2024-53580)
+Vulnerability report submitted by Leonid Krolle Bi.Zone.
+Original version of fix by @dopheide-esnet.
+CVE: CVE-2024-53580
+Upstream-Status: Backport [https://github.com/esnet/iperf/commit/3f66f604df7f1038a49108c48612c2f4fe71331f]
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/iperf_api.c   | 96 +++++++++++++++++++++++------------------------
+ src/iperf_error.c |  2 +-
+ src/iperf_util.c  | 36 ++++++++++++++++++
+ src/iperf_util.h  |  1 +
+ 4 files changed, 86 insertions(+), 49 deletions(-)
+diff --git a/src/iperf_api.c b/src/iperf_api.c
+index 3915884..786af29 100644
+--- a/src/iperf_api.c
+++ b/src/iperf_api.c
+@@ -2264,72 +2264,72 @@ get_parameters(struct iperf_test *test)
+             cJSON_free(str);
+        }
+ 
+-       if ((j_p = cJSON_GetObjectItem(j, "tcp")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "tcp", cJSON_True)) != NULL)
+            set_protocol(test, Ptcp);
+-       if ((j_p = cJSON_GetObjectItem(j, "udp")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "udp", cJSON_True)) != NULL)
+            set_protocol(test, Pudp);
+-        if ((j_p = cJSON_GetObjectItem(j, "sctp")) != NULL)
+        if ((j_p = iperf_cJSON_GetObjectItemType(j, "sctp", cJSON_True)) != NULL)
+             set_protocol(test, Psctp);
+-       if ((j_p = cJSON_GetObjectItem(j, "omit")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "omit", cJSON_Number)) != NULL)
+            test->omit = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "server_affinity")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "server_affinity", cJSON_Number)) != NULL)
+            test->server_affinity = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "time")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "time", cJSON_Number)) != NULL)
+            test->duration = j_p->valueint;
+         test->settings->bytes = 0;
+-       if ((j_p = cJSON_GetObjectItem(j, "num")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "num", cJSON_Number)) != NULL)
+            test->settings->bytes = j_p->valueint;
+         test->settings->blocks = 0;
+-       if ((j_p = cJSON_GetObjectItem(j, "blockcount")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "blockcount", cJSON_Number)) != NULL)
+            test->settings->blocks = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "MSS")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "MSS", cJSON_Number)) != NULL)
+            test->settings->mss = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "nodelay")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "nodelay", cJSON_True)) != NULL)
+            test->no_delay = 1;
+-       if ((j_p = cJSON_GetObjectItem(j, "parallel")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "parallel", cJSON_Number)) != NULL)
+            test->num_streams = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "reverse")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "reverse", cJSON_True)) != NULL)
+            iperf_set_test_reverse(test, 1);
+-        if ((j_p = cJSON_GetObjectItem(j, "bidirectional")) != NULL)
+        if ((j_p = iperf_cJSON_GetObjectItemType(j, "bidirectional", cJSON_True)) != NULL)
+             iperf_set_test_bidirectional(test, 1);
+-       if ((j_p = cJSON_GetObjectItem(j, "window")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "window", cJSON_Number)) != NULL)
+            test->settings->socket_bufsize = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "len")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "len", cJSON_Number)) != NULL)
+            test->settings->blksize = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "bandwidth")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "bandwidth", cJSON_Number)) != NULL)
+            test->settings->rate = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "fqrate")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "fqrate", cJSON_Number)) != NULL)
+            test->settings->fqrate = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "pacing_timer")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "pacing_timer", cJSON_Number)) != NULL)
+            test->settings->pacing_timer = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "burst")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "burst", cJSON_Number)) != NULL)
+            test->settings->burst = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "TOS")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "TOS", cJSON_Number)) != NULL)
+            test->settings->tos = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "flowlabel")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "flowlabel", cJSON_Number)) != NULL)
+            test->settings->flowlabel = j_p->valueint;
+-       if ((j_p = cJSON_GetObjectItem(j, "title")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "title", cJSON_String)) != NULL)
+            test->title = strdup(j_p->valuestring);
+-       if ((j_p = cJSON_GetObjectItem(j, "extra_data")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "extra_data", cJSON_String)) != NULL)
+            test->extra_data = strdup(j_p->valuestring);
+-       if ((j_p = cJSON_GetObjectItem(j, "congestion")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "congestion", cJSON_String)) != NULL)
+            test->congestion = strdup(j_p->valuestring);
+-       if ((j_p = cJSON_GetObjectItem(j, "congestion_used")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "congestion_used", cJSON_String)) != NULL)
+            test->congestion_used = strdup(j_p->valuestring);
+-       if ((j_p = cJSON_GetObjectItem(j, "get_server_output")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "get_server_output", cJSON_Number)) != NULL)
+            iperf_set_test_get_server_output(test, 1);
+-       if ((j_p = cJSON_GetObjectItem(j, "udp_counters_64bit")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "udp_counters_64bit", cJSON_Number)) != NULL)
+            iperf_set_test_udp_counters_64bit(test, 1);
+-       if ((j_p = cJSON_GetObjectItem(j, "repeating_payload")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "repeating_payload", cJSON_Number)) != NULL)
+            test->repeating_payload = 1;
+-       if ((j_p = cJSON_GetObjectItem(j, "zerocopy")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "zerocopy", cJSON_Number)) != NULL)
+            test->zerocopy = j_p->valueint;
+ #if defined(HAVE_DONT_FRAGMENT)
+-       if ((j_p = cJSON_GetObjectItem(j, "dont_fragment")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "dont_fragment", cJSON_Number)) != NULL)
+            test->settings->dont_fragment = j_p->valueint;
+ #endif /* HAVE_DONT_FRAGMENT */
+ #if defined(HAVE_SSL)
+-       if ((j_p = cJSON_GetObjectItem(j, "authtoken")) != NULL)
+       if ((j_p = iperf_cJSON_GetObjectItemType(j, "authtoken", cJSON_String)) != NULL)
+         test->settings->authtoken = strdup(j_p->valuestring);
+ #endif //HAVE_SSL
+        if (test->mode && test->protocol->id == Ptcp && has_tcpinfo_retransmits())
+@@ -2488,10 +2488,10 @@ get_results(struct iperf_test *test)
+        i_errno = IERECVRESULTS;
+         r = -1;
+     } else {
+-       j_cpu_util_total = cJSON_GetObjectItem(j, "cpu_util_total");
+-       j_cpu_util_user = cJSON_GetObjectItem(j, "cpu_util_user");
+-       j_cpu_util_system = cJSON_GetObjectItem(j, "cpu_util_system");
+-       j_sender_has_retransmits = cJSON_GetObjectItem(j, "sender_has_retransmits");
+       j_cpu_util_total = iperf_cJSON_GetObjectItemType(j, "cpu_util_total", cJSON_Number);
+       j_cpu_util_user = iperf_cJSON_GetObjectItemType(j, "cpu_util_user", cJSON_Number);
+       j_cpu_util_system = iperf_cJSON_GetObjectItemType(j, "cpu_util_system", cJSON_Number);
+       j_sender_has_retransmits = iperf_cJSON_GetObjectItemType(j, "sender_has_retransmits", cJSON_Number);
+        if (j_cpu_util_total == NULL || j_cpu_util_user == NULL || j_cpu_util_system == NULL || j_sender_has_retransmits == NULL) {
+            i_errno = IERECVRESULTS;
+            r = -1;
+@@ -2513,7 +2513,7 @@ get_results(struct iperf_test *test)
+            else if ( test->mode == BIDIRECTIONAL )
+                test->other_side_has_retransmits = result_has_retransmits;
+ 
+-           j_streams = cJSON_GetObjectItem(j, "streams");
+           j_streams = iperf_cJSON_GetObjectItemType(j, "streams", cJSON_Array);
+            if (j_streams == NULL) {
+                i_errno = IERECVRESULTS;
+                r = -1;
+@@ -2525,16 +2525,16 @@ get_results(struct iperf_test *test)
+                        i_errno = IERECVRESULTS;
+                        r = -1;
+                    } else {
+-                       j_id = cJSON_GetObjectItem(j_stream, "id");
+-                       j_bytes = cJSON_GetObjectItem(j_stream, "bytes");
+-                       j_retransmits = cJSON_GetObjectItem(j_stream, "retransmits");
+-                       j_jitter = cJSON_GetObjectItem(j_stream, "jitter");
+-                       j_errors = cJSON_GetObjectItem(j_stream, "errors");
+-                        j_omitted_errors = cJSON_GetObjectItem(j_stream, "omitted_errors");
+-                       j_packets = cJSON_GetObjectItem(j_stream, "packets");
+-                        j_omitted_packets = cJSON_GetObjectItem(j_stream, "omitted_packets");
+-                       j_start_time = cJSON_GetObjectItem(j_stream, "start_time");
+-                       j_end_time = cJSON_GetObjectItem(j_stream, "end_time");
+                       j_id = iperf_cJSON_GetObjectItemType(j_stream, "id", cJSON_Number);
+                       j_bytes = iperf_cJSON_GetObjectItemType(j_stream, "bytes", cJSON_Number);
+                       j_retransmits = iperf_cJSON_GetObjectItemType(j_stream, "retransmits", cJSON_Number);
+                       j_jitter = iperf_cJSON_GetObjectItemType(j_stream, "jitter", cJSON_Number);
+                       j_errors = iperf_cJSON_GetObjectItemType(j_stream, "errors", cJSON_Number);
+                        j_omitted_errors = iperf_cJSON_GetObjectItemType(j_stream, "omitted_errors", cJSON_Number);
+                       j_packets = iperf_cJSON_GetObjectItemType(j_stream, "packets", cJSON_Number);
+                        j_omitted_packets = iperf_cJSON_GetObjectItemType(j_stream, "omitted_packets", cJSON_Number);
+                       j_start_time = iperf_cJSON_GetObjectItemType(j_stream, "start_time", cJSON_Number);
+                       j_end_time = iperf_cJSON_GetObjectItemType(j_stream, "end_time", cJSON_Number);
+                        if (j_id == NULL || j_bytes == NULL || j_retransmits == NULL || j_jitter == NULL || j_errors == NULL || j_packets == NULL) {
+                            i_errno = IERECVRESULTS;
+                            r = -1;
+@@ -2623,7 +2623,7 @@ get_results(struct iperf_test *test)
+                    }
+                    else {
+                        /* No JSON, look for textual output.  Make a copy of the text for later. */
+-                       j_server_output = cJSON_GetObjectItem(j, "server_output_text");
+                       j_server_output = iperf_cJSON_GetObjectItemType(j, "server_output_text", cJSON_String);
+                        if (j_server_output != NULL) {
+                            test->server_output_text = strdup(j_server_output->valuestring);
+                        }
+@@ -2632,7 +2632,7 @@ get_results(struct iperf_test *test)
+            }
+        }
+ 
+-       j_remote_congestion_used = cJSON_GetObjectItem(j, "congestion_used");
+       j_remote_congestion_used = iperf_cJSON_GetObjectItemType(j, "congestion_used", cJSON_String);
+        if (j_remote_congestion_used != NULL) {
+            test->remote_congestion_used = strdup(j_remote_congestion_used->valuestring);
+        }
+diff --git a/src/iperf_error.c b/src/iperf_error.c
+index f7cae63..d8676dc 100644
+--- a/src/iperf_error.c
+++ b/src/iperf_error.c
+@@ -60,7 +60,7 @@ iperf_err(struct iperf_test *test, const char *format, ...)
+     if (test != NULL && test->json_output && test->json_top != NULL)
+        cJSON_AddStringToObject(test->json_top, "error", str);
+     else {
+-       if (test && test->outfile && test->outfile != stdout) {
+       if (test != NULL && test->outfile != NULL && test->outfile != stdout) {
+            if (ct) {
+                fprintf(test->outfile, "%s", ct);
+            }
+diff --git a/src/iperf_util.c b/src/iperf_util.c
+index d5795ee..9f1ff33 100644
+--- a/src/iperf_util.c
+++ b/src/iperf_util.c
+@@ -420,6 +420,42 @@ iperf_json_printf(const char *format, ...)
+     return o;
+ }
+ 
+/********************** cJSON GetObjectItem w/ Type Helper ********************/
+cJSON * iperf_cJSON_GetObjectItemType(cJSON * j, char * item_string, int expected_type){
+    cJSON *j_p;
+    if((j_p = cJSON_GetObjectItem(j, item_string)) != NULL)
+        switch(expected_type){
+        case cJSON_True:
+            if(cJSON_IsBool(j_p))
+                return j_p;
+            else
+                iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
+            break;
+        case cJSON_String:
+            if(cJSON_IsString(j_p))
+                return j_p;
+            else
+                iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
+            break;
+        case cJSON_Number:
+            if(cJSON_IsNumber(j_p))
+                return j_p;
+            else
+                iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
+            break;
+        case cJSON_Array:
+            if(cJSON_IsArray(j_p))
+                return j_p;
+            else
+                iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
+            break;
+        default:
+            iperf_err(NULL, "unsupported type");
+       }
+
+    return NULL;
+}
+
+ /* Debugging routine to dump out an fd_set. */
+ void
+ iperf_dump_fdset(FILE *fp, const char *str, int nfds, fd_set *fds)
+diff --git a/src/iperf_util.h b/src/iperf_util.h
+index b109af2..c39a1f7 100644
+--- a/src/iperf_util.h
+++ b/src/iperf_util.h
+@@ -53,6 +53,7 @@ const char* get_system_info(void);
+ const char* get_optional_features(void);
+ 
+ cJSON* iperf_json_printf(const char *format, ...);
+cJSON * iperf_cJSON_GetObjectItemType(cJSON * j_p, char * item_string, int expected_type);
+ 
+ void iperf_dump_fdset(FILE *fp, const char *str, int nfds, fd_set *fds);
+ 
+-- 
+2.40.0
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
index e8848ccebe..e93434fbf9 100644
--- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
+++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \
           file://CVE-2025-54349.patch \
           file://CVE-2023-7250.patch \
           file://CVE-2024-26306.patch \
+           file://CVE-2024-53580.patch \
           "
 SRCREV = "a0be85934144bc04712a6695b14ea6e45c379e1d"
author	Soumya Sambu <soumya.sambu@windriver.com>	2025-09-26 17:14:30 +0530
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +0200
commit	df818896067ccd23e9daa350c8bd5eca2c5edd63 (patch)
tree	472a6c3de65cf3bad51036ee33ef8389f04cd74f
parent	b8333d7c6f794b314a6ea09645aff4be6c32b6d9 (diff)
download	meta-openembedded-df818896067ccd23e9daa350c8bd5eca2c5edd63.tar.gz

diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2024-53580.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2024-53580.patch new file mode 100644 index 0000000000..99ef69aea0 --- /dev/null +++ b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2024-53580.patch
@@ -0,0 +1,276 @@
		1	From 3f66f604df7f1038a49108c48612c2f4fe71331f Mon Sep 17 00:00:00 2001
		2	From: Sarah Larsen <swlarsen@es.net>
		3	Date: Fri, 15 Nov 2024 23:23:05 +0000
		4	Subject: [PATCH] Add a variant of cJSON_GetObjectItem that does type-checking.
		5
		6	This avoids a potential server crash with malformed iperf3
		7	parameter sets. (CVE-2024-53580)
		8
		9	Vulnerability report submitted by Leonid Krolle Bi.Zone.
		10
		11	Original version of fix by @dopheide-esnet.
		12
		13	CVE: CVE-2024-53580
		14
		15	Upstream-Status: Backport [https://github.com/esnet/iperf/commit/3f66f604df7f1038a49108c48612c2f4fe71331f]
		16
		17	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
		18	---
		19	src/iperf_api.c \| 96 +++++++++++++++++++++++------------------------
		20	src/iperf_error.c \| 2 +-
		21	src/iperf_util.c \| 36 ++++++++++++++++++
		22	src/iperf_util.h \| 1 +
		23	4 files changed, 86 insertions(+), 49 deletions(-)
		24
		25	diff --git a/src/iperf_api.c b/src/iperf_api.c
		26	index 3915884..786af29 100644
		27	--- a/src/iperf_api.c
		28	+++ b/src/iperf_api.c
		29	@@ -2264,72 +2264,72 @@ get_parameters(struct iperf_test *test)
		30	cJSON_free(str);
		31	}
		32
		33	- if ((j_p = cJSON_GetObjectItem(j, "tcp")) != NULL)
		34	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "tcp", cJSON_True)) != NULL)
		35	set_protocol(test, Ptcp);
		36	- if ((j_p = cJSON_GetObjectItem(j, "udp")) != NULL)
		37	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "udp", cJSON_True)) != NULL)
		38	set_protocol(test, Pudp);
		39	- if ((j_p = cJSON_GetObjectItem(j, "sctp")) != NULL)
		40	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "sctp", cJSON_True)) != NULL)
		41	set_protocol(test, Psctp);
		42	- if ((j_p = cJSON_GetObjectItem(j, "omit")) != NULL)
		43	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "omit", cJSON_Number)) != NULL)
		44	test->omit = j_p->valueint;
		45	- if ((j_p = cJSON_GetObjectItem(j, "server_affinity")) != NULL)
		46	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "server_affinity", cJSON_Number)) != NULL)
		47	test->server_affinity = j_p->valueint;
		48	- if ((j_p = cJSON_GetObjectItem(j, "time")) != NULL)
		49	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "time", cJSON_Number)) != NULL)
		50	test->duration = j_p->valueint;
		51	test->settings->bytes = 0;
		52	- if ((j_p = cJSON_GetObjectItem(j, "num")) != NULL)
		53	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "num", cJSON_Number)) != NULL)
		54	test->settings->bytes = j_p->valueint;
		55	test->settings->blocks = 0;
		56	- if ((j_p = cJSON_GetObjectItem(j, "blockcount")) != NULL)
		57	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "blockcount", cJSON_Number)) != NULL)
		58	test->settings->blocks = j_p->valueint;
		59	- if ((j_p = cJSON_GetObjectItem(j, "MSS")) != NULL)
		60	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "MSS", cJSON_Number)) != NULL)
		61	test->settings->mss = j_p->valueint;
		62	- if ((j_p = cJSON_GetObjectItem(j, "nodelay")) != NULL)
		63	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "nodelay", cJSON_True)) != NULL)
		64	test->no_delay = 1;
		65	- if ((j_p = cJSON_GetObjectItem(j, "parallel")) != NULL)
		66	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "parallel", cJSON_Number)) != NULL)
		67	test->num_streams = j_p->valueint;
		68	- if ((j_p = cJSON_GetObjectItem(j, "reverse")) != NULL)
		69	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "reverse", cJSON_True)) != NULL)
		70	iperf_set_test_reverse(test, 1);
		71	- if ((j_p = cJSON_GetObjectItem(j, "bidirectional")) != NULL)
		72	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "bidirectional", cJSON_True)) != NULL)
		73	iperf_set_test_bidirectional(test, 1);
		74	- if ((j_p = cJSON_GetObjectItem(j, "window")) != NULL)
		75	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "window", cJSON_Number)) != NULL)
		76	test->settings->socket_bufsize = j_p->valueint;
		77	- if ((j_p = cJSON_GetObjectItem(j, "len")) != NULL)
		78	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "len", cJSON_Number)) != NULL)
		79	test->settings->blksize = j_p->valueint;
		80	- if ((j_p = cJSON_GetObjectItem(j, "bandwidth")) != NULL)
		81	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "bandwidth", cJSON_Number)) != NULL)
		82	test->settings->rate = j_p->valueint;
		83	- if ((j_p = cJSON_GetObjectItem(j, "fqrate")) != NULL)
		84	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "fqrate", cJSON_Number)) != NULL)
		85	test->settings->fqrate = j_p->valueint;
		86	- if ((j_p = cJSON_GetObjectItem(j, "pacing_timer")) != NULL)
		87	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "pacing_timer", cJSON_Number)) != NULL)
		88	test->settings->pacing_timer = j_p->valueint;
		89	- if ((j_p = cJSON_GetObjectItem(j, "burst")) != NULL)
		90	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "burst", cJSON_Number)) != NULL)
		91	test->settings->burst = j_p->valueint;
		92	- if ((j_p = cJSON_GetObjectItem(j, "TOS")) != NULL)
		93	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "TOS", cJSON_Number)) != NULL)
		94	test->settings->tos = j_p->valueint;
		95	- if ((j_p = cJSON_GetObjectItem(j, "flowlabel")) != NULL)
		96	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "flowlabel", cJSON_Number)) != NULL)
		97	test->settings->flowlabel = j_p->valueint;
		98	- if ((j_p = cJSON_GetObjectItem(j, "title")) != NULL)
		99	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "title", cJSON_String)) != NULL)
		100	test->title = strdup(j_p->valuestring);
		101	- if ((j_p = cJSON_GetObjectItem(j, "extra_data")) != NULL)
		102	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "extra_data", cJSON_String)) != NULL)
		103	test->extra_data = strdup(j_p->valuestring);
		104	- if ((j_p = cJSON_GetObjectItem(j, "congestion")) != NULL)
		105	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "congestion", cJSON_String)) != NULL)
		106	test->congestion = strdup(j_p->valuestring);
		107	- if ((j_p = cJSON_GetObjectItem(j, "congestion_used")) != NULL)
		108	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "congestion_used", cJSON_String)) != NULL)
		109	test->congestion_used = strdup(j_p->valuestring);
		110	- if ((j_p = cJSON_GetObjectItem(j, "get_server_output")) != NULL)
		111	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "get_server_output", cJSON_Number)) != NULL)
		112	iperf_set_test_get_server_output(test, 1);
		113	- if ((j_p = cJSON_GetObjectItem(j, "udp_counters_64bit")) != NULL)
		114	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "udp_counters_64bit", cJSON_Number)) != NULL)
		115	iperf_set_test_udp_counters_64bit(test, 1);
		116	- if ((j_p = cJSON_GetObjectItem(j, "repeating_payload")) != NULL)
		117	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "repeating_payload", cJSON_Number)) != NULL)
		118	test->repeating_payload = 1;
		119	- if ((j_p = cJSON_GetObjectItem(j, "zerocopy")) != NULL)
		120	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "zerocopy", cJSON_Number)) != NULL)
		121	test->zerocopy = j_p->valueint;
		122	#if defined(HAVE_DONT_FRAGMENT)
		123	- if ((j_p = cJSON_GetObjectItem(j, "dont_fragment")) != NULL)
		124	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "dont_fragment", cJSON_Number)) != NULL)
		125	test->settings->dont_fragment = j_p->valueint;
		126	#endif /* HAVE_DONT_FRAGMENT */
		127	#if defined(HAVE_SSL)
		128	- if ((j_p = cJSON_GetObjectItem(j, "authtoken")) != NULL)
		129	+ if ((j_p = iperf_cJSON_GetObjectItemType(j, "authtoken", cJSON_String)) != NULL)
		130	test->settings->authtoken = strdup(j_p->valuestring);
		131	#endif //HAVE_SSL
		132	if (test->mode && test->protocol->id == Ptcp && has_tcpinfo_retransmits())
		133	@@ -2488,10 +2488,10 @@ get_results(struct iperf_test *test)
		134	i_errno = IERECVRESULTS;
		135	r = -1;
		136	} else {
		137	- j_cpu_util_total = cJSON_GetObjectItem(j, "cpu_util_total");
		138	- j_cpu_util_user = cJSON_GetObjectItem(j, "cpu_util_user");
		139	- j_cpu_util_system = cJSON_GetObjectItem(j, "cpu_util_system");
		140	- j_sender_has_retransmits = cJSON_GetObjectItem(j, "sender_has_retransmits");
		141	+ j_cpu_util_total = iperf_cJSON_GetObjectItemType(j, "cpu_util_total", cJSON_Number);
		142	+ j_cpu_util_user = iperf_cJSON_GetObjectItemType(j, "cpu_util_user", cJSON_Number);
		143	+ j_cpu_util_system = iperf_cJSON_GetObjectItemType(j, "cpu_util_system", cJSON_Number);
		144	+ j_sender_has_retransmits = iperf_cJSON_GetObjectItemType(j, "sender_has_retransmits", cJSON_Number);
		145	if (j_cpu_util_total == NULL \|\| j_cpu_util_user == NULL \|\| j_cpu_util_system == NULL \|\| j_sender_has_retransmits == NULL) {
		146	i_errno = IERECVRESULTS;
		147	r = -1;
		148	@@ -2513,7 +2513,7 @@ get_results(struct iperf_test *test)
		149	else if ( test->mode == BIDIRECTIONAL )
		150	test->other_side_has_retransmits = result_has_retransmits;
		151
		152	- j_streams = cJSON_GetObjectItem(j, "streams");
		153	+ j_streams = iperf_cJSON_GetObjectItemType(j, "streams", cJSON_Array);
		154	if (j_streams == NULL) {
		155	i_errno = IERECVRESULTS;
		156	r = -1;
		157	@@ -2525,16 +2525,16 @@ get_results(struct iperf_test *test)
		158	i_errno = IERECVRESULTS;
		159	r = -1;
		160	} else {
		161	- j_id = cJSON_GetObjectItem(j_stream, "id");
		162	- j_bytes = cJSON_GetObjectItem(j_stream, "bytes");
		163	- j_retransmits = cJSON_GetObjectItem(j_stream, "retransmits");
		164	- j_jitter = cJSON_GetObjectItem(j_stream, "jitter");
		165	- j_errors = cJSON_GetObjectItem(j_stream, "errors");
		166	- j_omitted_errors = cJSON_GetObjectItem(j_stream, "omitted_errors");
		167	- j_packets = cJSON_GetObjectItem(j_stream, "packets");
		168	- j_omitted_packets = cJSON_GetObjectItem(j_stream, "omitted_packets");
		169	- j_start_time = cJSON_GetObjectItem(j_stream, "start_time");
		170	- j_end_time = cJSON_GetObjectItem(j_stream, "end_time");
		171	+ j_id = iperf_cJSON_GetObjectItemType(j_stream, "id", cJSON_Number);
		172	+ j_bytes = iperf_cJSON_GetObjectItemType(j_stream, "bytes", cJSON_Number);
		173	+ j_retransmits = iperf_cJSON_GetObjectItemType(j_stream, "retransmits", cJSON_Number);
		174	+ j_jitter = iperf_cJSON_GetObjectItemType(j_stream, "jitter", cJSON_Number);
		175	+ j_errors = iperf_cJSON_GetObjectItemType(j_stream, "errors", cJSON_Number);
		176	+ j_omitted_errors = iperf_cJSON_GetObjectItemType(j_stream, "omitted_errors", cJSON_Number);
		177	+ j_packets = iperf_cJSON_GetObjectItemType(j_stream, "packets", cJSON_Number);
		178	+ j_omitted_packets = iperf_cJSON_GetObjectItemType(j_stream, "omitted_packets", cJSON_Number);
		179	+ j_start_time = iperf_cJSON_GetObjectItemType(j_stream, "start_time", cJSON_Number);
		180	+ j_end_time = iperf_cJSON_GetObjectItemType(j_stream, "end_time", cJSON_Number);
		181	if (j_id == NULL \|\| j_bytes == NULL \|\| j_retransmits == NULL \|\| j_jitter == NULL \|\| j_errors == NULL \|\| j_packets == NULL) {
		182	i_errno = IERECVRESULTS;
		183	r = -1;
		184	@@ -2623,7 +2623,7 @@ get_results(struct iperf_test *test)
		185	}
		186	else {
		187	/* No JSON, look for textual output. Make a copy of the text for later. */
		188	- j_server_output = cJSON_GetObjectItem(j, "server_output_text");
		189	+ j_server_output = iperf_cJSON_GetObjectItemType(j, "server_output_text", cJSON_String);
		190	if (j_server_output != NULL) {
		191	test->server_output_text = strdup(j_server_output->valuestring);
		192	}
		193	@@ -2632,7 +2632,7 @@ get_results(struct iperf_test *test)
		194	}
		195	}
		196
		197	- j_remote_congestion_used = cJSON_GetObjectItem(j, "congestion_used");
		198	+ j_remote_congestion_used = iperf_cJSON_GetObjectItemType(j, "congestion_used", cJSON_String);
		199	if (j_remote_congestion_used != NULL) {
		200	test->remote_congestion_used = strdup(j_remote_congestion_used->valuestring);
		201	}
		202	diff --git a/src/iperf_error.c b/src/iperf_error.c
		203	index f7cae63..d8676dc 100644
		204	--- a/src/iperf_error.c
		205	+++ b/src/iperf_error.c
		206	@@ -60,7 +60,7 @@ iperf_err(struct iperf_test test, const char format, ...)
		207	if (test != NULL && test->json_output && test->json_top != NULL)
		208	cJSON_AddStringToObject(test->json_top, "error", str);
		209	else {
		210	- if (test && test->outfile && test->outfile != stdout) {
		211	+ if (test != NULL && test->outfile != NULL && test->outfile != stdout) {
		212	if (ct) {
		213	fprintf(test->outfile, "%s", ct);
		214	}
		215	diff --git a/src/iperf_util.c b/src/iperf_util.c
		216	index d5795ee..9f1ff33 100644
		217	--- a/src/iperf_util.c
		218	+++ b/src/iperf_util.c
		219	@@ -420,6 +420,42 @@ iperf_json_printf(const char *format, ...)
		220	return o;
		221	}
		222
		223	+/******************** cJSON GetObjectItem w/ Type Helper ******************/
		224	+cJSON * iperf_cJSON_GetObjectItemType(cJSON * j, char * item_string, int expected_type){
		225	+ cJSON *j_p;
		226	+ if((j_p = cJSON_GetObjectItem(j, item_string)) != NULL)
		227	+ switch(expected_type){
		228	+ case cJSON_True:
		229	+ if(cJSON_IsBool(j_p))
		230	+ return j_p;
		231	+ else
		232	+ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
		233	+ break;
		234	+ case cJSON_String:
		235	+ if(cJSON_IsString(j_p))
		236	+ return j_p;
		237	+ else
		238	+ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
		239	+ break;
		240	+ case cJSON_Number:
		241	+ if(cJSON_IsNumber(j_p))
		242	+ return j_p;
		243	+ else
		244	+ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
		245	+ break;
		246	+ case cJSON_Array:
		247	+ if(cJSON_IsArray(j_p))
		248	+ return j_p;
		249	+ else
		250	+ iperf_err(NULL, "iperf_cJSON_GetObjectItemType mismatch %s", item_string);
		251	+ break;
		252	+ default:
		253	+ iperf_err(NULL, "unsupported type");
		254	+ }
		255	+
		256	+ return NULL;
		257	+}
		258	+
		259	/* Debugging routine to dump out an fd_set. */
		260	void
		261	iperf_dump_fdset(FILE fp, const char str, int nfds, fd_set *fds)
		262	diff --git a/src/iperf_util.h b/src/iperf_util.h
		263	index b109af2..c39a1f7 100644
		264	--- a/src/iperf_util.h
		265	+++ b/src/iperf_util.h
		266	@@ -53,6 +53,7 @@ const char* get_system_info(void);
		267	const char* get_optional_features(void);
		268
		269	cJSON* iperf_json_printf(const char *format, ...);
		270	+cJSON * iperf_cJSON_GetObjectItemType(cJSON * j_p, char * item_string, int expected_type);
		271
		272	void iperf_dump_fdset(FILE fp, const char str, int nfds, fd_set *fds);
		273
		274	--
		275	2.40.0
		276


diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb index e8848ccebe..e93434fbf9 100644 --- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb +++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \
20	file://CVE-2025-54349.patch \	20	file://CVE-2025-54349.patch \
21	file://CVE-2023-7250.patch \	21	file://CVE-2023-7250.patch \
22	file://CVE-2024-26306.patch \	22	file://CVE-2024-26306.patch \
		23	file://CVE-2024-53580.patch \
23	"	24	"
24		25
25	SRCREV = "a0be85934144bc04712a6695b14ea6e45c379e1d"	26	SRCREV = "a0be85934144bc04712a6695b14ea6e45c379e1d"