14.5.2. What’s Fixed in 7.4.0
This section describes bugs fixed in Routing Service 7.4.0. These are fixes since 7.3.0 LTS.
RTI® Connext® 7.4.0 is an early access release. See the Connext Releases page on the RTI website for more information on RTI’s software release model.
For what’s new and fixed in other products in the Connext suite, see those products’ release notes on the RTI Community Portal or in your installation.
[Critical]: System-stopping issue, such as a crash or data loss.
[Major]: Significant issue with no easy workaround.
[Minor]: Issue that usually has a workaround.
[Trivial]: Small issue, such as a typo in a log.
14.5.2.1. Serialization and Deserialization
14.5.2.1.1. [Critical] Error propagating samples received using Zero Copy in a route setting <content_filter> or enabling <filter_propagation>
A route setting <content_filter> or enabling <filter_propagation> may have failed to propagate samples when the samples were received from a DataWriter using Zero Copy transfer over shared memory.
When this problem occurred, Routing Service generated the following errors:
ERROR [0x0101BE35,0x47B28D9B,0x87A311F6:0x80000004{Entity=DR,MessageKind=DATA}|RECEIVE FROM 0x0101D676,0xE92E1D8E,0x91728D11:0x80000003] DDS_DynamicData2TypePlugin_serialize:error copying CDR buffer (batching is not supported)
ERROR [0x0101BE35,0x47B28D9B,0x87A311F6:0x80000004{Entity=DR,MessageKind=DATA}|RECEIVE FROM 0x0101D676,0xE92E1D8E,0x91728D11:0x80000003] PRESPsReaderQueue_evaluateSample:serialize failed
ERROR [0x0101BE35,0x47B28D9B,0x87A311F6:0x80000004{Entity=DR,MessageKind=DATA}|RECEIVE FROM 0x0101D676,0xE92E1D8E,0x91728D11:0x80000003] PRESPsReaderQueue_addQueueEntryToPolled:The sample couldn't be evaluated
This issue only occurred when the DataWriter sending the samples did not use writer-side filtering.
[RTI Issue ID ROUTING-1189]
14.5.2.2. Dynamic Data
14.5.2.2.1. [Major] Routing Service did not work with empty structs
Routing Service could have failed to route a type defined as an empty struct. This problem was caused by issue CORE-14606 (described in the RTI Connext Core Libraries Release Notes), which has been fixed.
This issue could have caused Routing Service to fail with the following error:
DDS_DynamicData2_allocateMembers: Could not reserve buffer of 0 bytes for values.
[RTI Issue ID ROUTING-1203]
14.5.2.3. Crashes
14.5.2.3.1. [Critical] Routing Service could crash if trying to allocate with insufficient memory
If the host system didn’t have enough memory available for Routing Service to allocate some of its resources, Routing Service could crash after failing to perform the allocation.
[RTI Issue ID ROUTING-1207]
14.5.2.4. Vulnerabilities
14.5.2.4.1. [Critical] Stack buffer write overflow could occur when parsing a malicious XML types document
An out-of-bounds write on the stack in Routing Service could have occurred while parsing a malicious XML types document.
14.5.2.4.1.1. User Impact without Security
A vulnerability in Routing Service loading types via XML could have resulted in the following:
Stack buffer overflow while parsing a malicious XML types document.
Exploitable by changing an XML configuration file on the file system.
Potential impact on the integrity of the application(s) using the XML types document. Such applications could include Routing Service.
Potential crash in the application.
In Routing Service, it could potentially be triggered through the remote administration load command.
CVSS Base Score: 9.1 CRITICAL
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
14.5.2.4.1.2. User Impact with Security
A vulnerability in Routing Service loading types via XML could have resulted in the following:
Stack buffer overflow while parsing a malicious XML types document.
Exploitable by changing an XML configuration file on the file system.
Potential impact on the integrity of the application(s) using the XML types document. Such applications could include Routing Service.
Potential crash in the application.
A Governance Document that has a value other than NONE for a *_protection_kind that applies to the Routing Service’s remote administration topics would defend against any attacks over the network.
CVSS Base Score: 7.1 HIGH
CVSS 3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
[RTI Issue ID ROUTING-1238]
14.5.2.4.2. [Critical] Stack overflow could occur when using an XML configuration file referencing environment variables
An out-of-bounds write on the stack in Routing Service could have occurred while parsing XML files containing references to external environment variables.
14.5.2.4.2.1. User Impact without Security
A vulnerability in Routing Service could have resulted in the following:
Stack buffer overflow when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
Routing Service could be exploited by using a remote administration load command with malicious XML code.
CVSS 3.1 Score: 8.2 HIGH
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
14.5.2.4.2.2. User Impact with Security
A vulnerability in Routing Service could have resulted in the following:
Stack buffer overflow when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
A Governance Document that has a value other than NONE for a *_protection_kind that applies to the Routing Service’s remote administration topics would defend against any attacks over the network.
CVSS 3.1 Score: 6.1 MEDIUM
CVSS 3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
[RTI Issue ID ROUTING-1223]
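Both vulnerability entries above (ROUTING-1238 and ROUTING-1223) name the same network-side defense: a Governance Document with a value other than NONE for a *_protection_kind that applies to the remote administration topics. The following Python check is an added example, not RTI code. It assumes the DDS Security governance XML layout, the topic names rti/service/admin/command_request and rti/service/admin/command_reply, and that rtps_protection_kind, metadata_protection_kind and data_protection_kind are the kinds that apply to those topics.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Assumption: topic names used by Routing Service remote administration.
ADMIN_TOPICS = ("rti/service/admin/command_request",
                "rti/service/admin/command_reply")
TOPIC_KINDS = ("metadata_protection_kind", "data_protection_kind")

def kind(elem, tag):
    """Text of child <tag>, upper-cased; a missing or empty element is NONE."""
    return ((elem.findtext(tag) or "").strip() or "NONE").upper()

def unprotected_admin_topics(governance_xml, topics=ADMIN_TOPICS):
    """Return (domain_rule_index, topic, reason) per uncovered admin topic."""
    findings = []
    for idx, rule in enumerate(ET.fromstring(governance_xml).iter("domain_rule")):
        if kind(rule, "rtps_protection_kind") != "NONE":
            continue  # RTPS-level protection covers every topic in the domain
        topic_rules = rule.findall("./topic_access_rules/topic_rule")
        for topic in topics:
            # The first topic_rule whose expression matches is the one applied.
            match = next((tr for tr in topic_rules if fnmatch.fnmatchcase(
                topic, (tr.findtext("topic_expression") or "").strip())), None)
            if match is None:
                findings.append((idx, topic, "no matching topic_rule"))
            elif all(kind(match, k) == "NONE" for k in TOPIC_KINDS):
                findings.append((idx, topic, "all protection kinds NONE"))
    return findings

# Constructed sample (unsigned governance XML): the request topic is signed,
# the reply topic falls through to a catch-all rule with no protection.
SAMPLE = """<dds><domain_access_rules><domain_rule>
  <rtps_protection_kind>NONE</rtps_protection_kind>
  <topic_access_rules>
    <topic_rule>
      <topic_expression>rti/service/admin/command_request</topic_expression>
      <metadata_protection_kind>SIGN</metadata_protection_kind>
      <data_protection_kind>NONE</data_protection_kind>
    </topic_rule>
    <topic_rule>
      <topic_expression>*</topic_expression>
      <metadata_protection_kind>NONE</metadata_protection_kind>
      <data_protection_kind>NONE</data_protection_kind>
    </topic_rule>
  </topic_access_rules>
</domain_rule></domain_access_rules></dds>"""

if __name__ == "__main__":
    print(unprotected_admin_topics(SAMPLE))
```

Run it on the unsigned XML before the Governance Document is signed; a finding means the defense described above is not in place for that domain rule.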