Version in base suite: 3.9-1

Base version: iperf3_3.9-1
Target version: iperf3_3.9-1+deb11u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/i/iperf3/iperf3_3.9-1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/i/iperf3/iperf3_3.9-1+deb11u1.dsc

 changelog                                                   |    7 +
 patches/0001-Fix-memory-allocation-hazard-1542-.-1543.patch |   47 ++++++++++++
 patches/series                                              |    1 
 3 files changed, 55 insertions(+)

diff -Nru iperf3-3.9/debian/changelog iperf3-3.9/debian/changelog
--- iperf3-3.9/debian/changelog	2020-10-06 20:22:00.000000000 +0000
+++ iperf3-3.9/debian/changelog	2023-07-17 08:49:40.000000000 +0000
@@ -1,3 +1,10 @@
+iperf3 (3.9-1+deb11u1) bullseye-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix memory allocation hazard and crash (Closes: #1040830)
+
+ -- Aron Xu <aron@debian.org>  Mon, 17 Jul 2023 16:49:40 +0800
+
 iperf3 (3.9-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru iperf3-3.9/debian/patches/0001-Fix-memory-allocation-hazard-1542-.-1543.patch iperf3-3.9/debian/patches/0001-Fix-memory-allocation-hazard-1542-.-1543.patch
--- iperf3-3.9/debian/patches/0001-Fix-memory-allocation-hazard-1542-.-1543.patch	1970-01-01 00:00:00.000000000 +0000
+++ iperf3-3.9/debian/patches/0001-Fix-memory-allocation-hazard-1542-.-1543.patch	2023-07-17 08:49:28.000000000 +0000
@@ -0,0 +1,47 @@
+From 0ef151550d96cc4460f98832df84b4a1e87c65e9 Mon Sep 17 00:00:00 2001
+From: "Bruce A. Mah" <bmah@es.net>
+Date: Fri, 7 Jul 2023 11:35:02 -0700
+Subject: [PATCH] Fix memory allocation hazard (#1542). (#1543)
+
+Reported by:	@someusername123 on GitHub
+---
+ src/iperf_api.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/iperf_api.c b/src/iperf_api.c
+index f2d4162..a95e024 100644
+--- a/src/iperf_api.c
++++ b/src/iperf_api.c
+@@ -2670,6 +2670,7 @@ static cJSON *
+ JSON_read(int fd)
+ {
+     uint32_t hsize, nsize;
++    size_t strsize;
+     char *str;
+     cJSON *json = NULL;
+     int rc;
+@@ -2682,7 +2683,9 @@ JSON_read(int fd)
+     if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) {
+ 	hsize = ntohl(nsize);
+ 	/* Allocate a buffer to hold the JSON */
+-	str = (char *) calloc(sizeof(char), hsize+1);	/* +1 for trailing null */
++	strsize = hsize + 1;              /* +1 for trailing NULL */
++	if (strsize) {
++	str = (char *) calloc(sizeof(char), strsize);
+ 	if (str != NULL) {
+ 	    rc = Nread(fd, str, hsize, Ptcp);
+ 	    if (rc >= 0) {
+@@ -2701,6 +2704,10 @@ JSON_read(int fd)
+ 	    }
+ 	}
+ 	free(str);
++	}
++	else {
++	    printf("WARNING:  Data length overflow\n");
++	}
+     }
+     return json;
+ }
+-- 
+2.39.2
+
diff -Nru iperf3-3.9/debian/patches/series iperf3-3.9/debian/patches/series
--- iperf3-3.9/debian/patches/series	2020-01-14 07:44:09.000000000 +0000
+++ iperf3-3.9/debian/patches/series	2023-07-17 08:49:32.000000000 +0000
@@ -1 +1,2 @@
 03-sctp.patch
+0001-Fix-memory-allocation-hazard-1542-.-1543.patch