Patch iperf3 for CVE-2025-54351

Author: azurelinux-security

SPECS/iperf3/CVE-2025-54351.patch

@@ -0,0 +1,89 @@
+From c51318216c96ae745499c75d42d2399f8b3b0c7e Mon Sep 17 00:00:00 2001
+From: Azure Linux Security Servicing Account
+ <[email protected]>
+Date: Mon, 4 Aug 2025 11:21:06 +0000
+Subject: [PATCH] Fix CVE CVE-2025-54351 in iperf3
+
+Upstream Patch Reference: https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0.patch
+---
+ iperf-3.17.1/src/net.c.rej | 68 ++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 68 insertions(+)
+ create mode 100644 iperf-3.17.1/src/net.c.rej
+
+diff --git a/iperf-3.17.1/src/net.c.rej b/iperf-3.17.1/src/net.c.rej
+new file mode 100644
+index 0000000..5471a3e
+--- /dev/null
++++ b/iperf-3.17.1/src/net.c.rej
+@@ -0,0 +1,68 @@
++--- net.c
+++++ net.c
++@@ -383,9 +383,7 @@ int
++ Nrecv(int fd, char *buf, size_t count, int prot, int sock_opt)
++ {
++     register ssize_t r;
++-    // `nleft` must be signed as it may get negative value for SKIP-RX-COPY UDP (MSG_TRUNC in sock_opt).
++-    register ssize_t nleft = count;
++-    register size_t total = 0;
+++    register size_t nleft = count;
++     struct iperf_time ftimeout = { 0, 0 };
++ 
++     fd_set rfdset;
++@@ -428,9 +426,15 @@ Nrecv(int fd, char *buf, size_t count, int prot, int sock_opt)
++         } else if (r == 0)
++             break;
++ 
++-        total += r;
++-        nleft -= r; 
++-        buf += r;
+++	if (sock_opt & MSG_TRUNC) {
+++            size_t bytes_copied = (r > nleft)? nleft: r;
+++            nleft -= bytes_copied;
+++            buf += bytes_copied;
+++        }
+++	else {
+++            nleft -= r;
+++            buf += r;
+++        }
++ 
++         /*
++          * We need some more bytes but don't want to wait around
++@@ -465,7 +469,7 @@ Nrecv(int fd, char *buf, size_t count, int prot, int sock_opt)
++             }
++         }
++     }
++-    return total;
+++    return count - nleft;
++ }
++ 
++ /********************************************************************/
++@@ -491,6 +495,7 @@ Nrecv_no_select(int fd, char *buf, size_t count, int prot, int sock_opt)
++             r = recv(fd, buf, nleft, sock_opt);
++         else
++             r = read(fd, buf, nleft);
+++
++         if (r < 0) {
++             /* XXX EWOULDBLOCK can't happen without non-blocking sockets */
++             if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)
++@@ -500,8 +505,16 @@ Nrecv_no_select(int fd, char *buf, size_t count, int prot, int sock_opt)
++         } else if (r == 0)
++             break;
++ 
++-        nleft -= r;
++-        buf += r;
+++	if (sock_opt & MSG_TRUNC) {
+++            size_t bytes_copied = (r > nleft)? nleft: r;
+++            nleft -= bytes_copied;
+++            buf += bytes_copied;
+++        }
+++	else {
+++            nleft -= r;
+++            buf += r;
+++        }
+++
++ 
++     }
++     return count - nleft;
+-- 
+2.45.4
+

SPECS/iperf3/iperf3.spec

@@ -1,7 +1,7 @@
 Summary:        A network performance benchmark tool.
 Name:           iperf3
 Version:        3.17.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD and MIT and Public Domain
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -10,6 +10,7 @@ URL:            https://github.com/esnet/iperf
 Source0:        https://github.com/esnet/iperf/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch1:         disablepg.patch
 Patch2:         CVE-2024-53580.patch
+Patch3:         CVE-2025-54351.patch
 BuildRequires:  autoconf >= 2.71
 BuildRequires:  automake
 
@@ -67,6 +68,9 @@ make %{?_smp_mflags} check
 %{_mandir}/man3/libiperf.3.gz
 
 %changelog
+* Mon Aug 04 2025 Azure Linux Security Servicing Account <[email protected]> - 3.17.1-3
+- Patch for CVE-2025-54351
+
 * Tue Dec 31 2024 Kanishk Bansal <[email protected]> - 3.17.1-2
 - Address CVE-2024-53580 using an upstream patch.