Red Hat Bugzilla – Bug 494850
[RHEL5] inet6_rth_add() returns 0 even when the routing header does not have enough space to store an address
Last modified: 2016-11-24 11:03:52 EST
Created attachment 338696 [details]
Description of problem:
The glibc function inet6_rth_add() returns 0 even when the routing header does not have enough space to store an address, According to RFC 3542, it should return -1 upon failure:
int inet6_rth_add(void *bp, const struct in6_addr *addr);
This function adds the IPv6 address pointed to by addr to the end of
the Routing header being constructed.
If successful, the segleft member of the Routing Header is updated to
account for the new address in the Routing header and the return
value of the function is 0. Upon an error the return value of the
function is -1.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. build the attached reproducer program:
gcc -o router-13 router-13.c
2. run the program
initial routing header is :
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
after inet6_rth_add routing header is :
00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01
successfully added routing header, return value: 0
glibc return -1 and the content of the routing header do not change.
This is bug #9881 upstream:
The fix is already in glibc cvs.
Created attachment 338697 [details]
Patch proposed by our customer
2009-03-15 Ulrich Drepper <firstname.lastname@example.org>
* inet/inet6_rth.c (inet6_rth_add): Add some error checking.
Patch mostly by Yang Hongyang <email@example.com>.
* inet/Makefile (tests): Add tst-inet6_rth.
* inet/tst-inet6_rth.c: New file.
~~ Attention - RHEL 5.4 Beta Released! ~~
RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner!
If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.
Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value.
Questions can be posted to this bug or your customer or partner representative.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.