Bug 494850 - [RHEL5] inet6_rth_add() returns 0 even when the routing header does not have enough space to store an address
[RHEL5] inet6_rth_add() returns 0 even when the routing header does not have ...
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: glibc (Show other bugs)
All Linux
medium Severity medium
: rc
: ---
Assigned To: Jakub Jelinek
Depends On:
  Show dependency treegraph
Reported: 2009-04-08 07:35 EDT by Olivier Fourdan
Modified: 2016-11-24 11:03 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-02 07:45:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Reproducer program (1.12 KB, text/plain)
2009-04-08 07:35 EDT, Olivier Fourdan
no flags Details
Proposed patch (552 bytes, patch)
2009-04-08 07:36 EDT, Olivier Fourdan
no flags Details | Diff

  None (edit)
Description Olivier Fourdan 2009-04-08 07:35:27 EDT
Created attachment 338696 [details]
Reproducer program

Description of problem:

The glibc function inet6_rth_add() returns 0 even when the routing header does not have enough space to store an address, According to RFC 3542, it should return -1 upon failure:

 RFC 3542
 7.3.  inet6_rth_add

     int inet6_rth_add(void *bp, const struct in6_addr *addr);

   This function adds the IPv6 address pointed to by addr to the end of
   the Routing header being constructed.

   If successful, the segleft member of the Routing Header is updated to
   account for the new address in the Routing header and the return
   value of the function is 0.  Upon an error the return value of the
   function is -1.

Version-Release number of selected component (if applicable):


How reproducible:

100% reproducible

Steps to Reproduce:

1. build the attached reproducer program:

    gcc -o router-13 router-13.c

2. run the program

Actual results:

initial routing header is :
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
after inet6_rth_add routing header is :
00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01

successfully added routing header, return value: 0

Expected results:

  glibc return -1 and the content of the routing header do not change.

Additional info:

This is bug #9881 upstream:


The fix is already in glibc cvs.
Comment 1 Olivier Fourdan 2009-04-08 07:36:03 EDT
Created attachment 338697 [details]
Proposed patch

Patch proposed by our customer
Comment 2 Jakub Jelinek 2009-04-10 06:58:00 EDT
2009-03-15  Ulrich Drepper  <drepper@redhat.com>

        [BZ #9881]
        * inet/inet6_rth.c (inet6_rth_add): Add some error checking.
        Patch mostly by Yang Hongyang <yanghy@cn.fujitsu.com>.
        * inet/Makefile (tests): Add tst-inet6_rth.
        * inet/tst-inet6_rth.c: New file.
Comment 6 Chris Ward 2009-07-03 14:29:33 EDT
~~ Attention - RHEL 5.4 Beta Released! ~~

RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner!

If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.

Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value.

Questions can be posted to this bug or your customer or partner representative.
Comment 9 errata-xmlrpc 2009-09-02 07:45:38 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.