14.4. What’s Fixed in 7.5.0

This section describes bugs fixed in Routing Service 7.5.0. These are fixes since 7.4.0.

RTI® Connext® 7.5.0 is an early access releases. See the Connext Releases page on the RTI website for more information on RTI’s software release model.

For what’s fixed in other products in the Connext suite, see those products’ release notes on the RTI Community Portal or in your installation.

[Critical]: System-stopping issue, such as a crash or data loss.
[Major]: Significant issue with no easy workaround.
[Minor]: Issue that usually has a workaround.
[Trivial]: Small issue, such as a typo in a log.

14.4.1. Hangs

14.4.1.1. [Major] Routing Service nonresponsive when writing data to a Topic

Routing Service could have become nonresponsive when attempting to register the type used by the DDS StreamWriter if there was not enough memory.

[RTI Issue ID ROUTING-1284]

14.4.2. Crashes

14.4.2.1. [Critical] Possible crash if trying to allocate with insufficient memory

If the host system didn’t have enough memory available for Routing Service to allocate some of its resources, Routing Service could have crashed after failing to perform the allocation.

[RTI Issue ID ROUTING-1266]

14.4.2.2. [Critical] Possible crash if custom transformation returned the provided input samples or sample infos as output

Routing Service could have crashed or had a memory corruption when using a custom Transformation that returned the same array of samples or sample infos provided to it as outputs within its transform() method.

For example, the following code returned the collection of info objects, inInfoList, as the output list, outInfoLst. This could have resulted in corrupted memory or a crash.

void MyCustomTransformation_transform(
        RTI_RoutingServiceTransformation transformation,
        RTI_RoutingServiceSample **outSampleList,
        RTI_RoutingServiceSampleInfo **outInfoList,
        int *outCount,
        RTI_RoutingServiceSample *inSampleList,
        RTI_RoutingServiceSampleInfo *inInfoList,
        int inCount,
        RTI_RoutingServiceEnvironment * env)
{
    // ...

    *outCount = inCount;
    *outInfoList = inInfoList;

    // ...
}

[RTI Issue ID ROUTING-1236]

14.4.2.3. [Critical] Routing Service did not perform compatibility checks on routed types

Routing Service may discover types on different ends of a TopicRoute that are not assignable from one another. However, the service did not check for this case when assigning the types to the different ports, which could have caused data corruption or undefined behavior.

[RTI Issue ID ROUTING-1142]

14.4.2.4. [Critical] Memory leaks and errors when using DDS fragmentation with compression or encryption

Using DDS fragmentation along with compression or encryption caused a memory leak. This occurred when storing the serialized data from samples received by Routing Service. Errors similar to the following were printed:

FATAL rCo79661##01Rcv [PARSE MESSAGE|0x01016350,0x5A66C0E7,0x8DA940ED:0x80000004
{Entity=DR,MessageKind=DATA_FRAG}|RECEIVE FROM 0x01018673,0xDB0C9361,0xB2B4181F:0x80000003]
Mx02:/home/user/osapi.1.0/srcC/memory/heap.c:1104:RTI0x2022004:inconsistent free/alloc:
block id 0 being freed with "RTIOsapiHeap_allocateBufferAligned" and was allocated with
"RTIOsapiHeap_unknownFunction"

[RTI Issue ID ROUTING-1258]

14.4.3. Vulnerabilities

The following vulnerabilities are fixed in this release.

See also RTI’s Security Vulnerability Information for a complete list of vulnerabilities in RTI releases that have been published through the CVE® Program. That list may be more up-to-date.

14.4.3.1. [Critical] Possible stack corruption in Routing Service when using malicious Routing Service XML configuration document

An out-of-bounds write on the stack in Routing Service could have occurred after loading a malicious XML QoS document.

14.4.3.1.1. User Impact without Security

A vulnerability in Routing Service loading configurations via XML could have resulted in the following:

14.4.3.1.2. User Impact with Security

A vulnerability in Routing Service loading configurations via XML could have resulted in the following:

  • Routing Service could corrupt the stack.

  • Exploitable by providing a malicious XML document to Routing Service during startup.

  • Potential impact on the integrity of Routing Service when using the XML QoS document.

  • Potential crash in the application.

  • A Governance Document with a value other than NONE for a *_protection_kind that applies to Routing Service’s remote administration topics would defend against any attacks over the network.

  • CVSS v3.1 Base Score: 7.1 HIGH

  • CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

  • CVSS v4.0 Base Score: 6.9 MEDIUM

  • CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

[RTI Issue ID ROUTING-1257]

14.4.3.2. Potential stack buffer overflow in Routing Service when discovering types or loading XML types with certain characteristics

The stack could have been corrupted when Routing Service discovered a malicious type or loaded a malicious XML type.

14.4.3.2.1. User Impact without Security

This vulnerability could cause the following in Routing Service:

14.4.3.2.2. User Impact with Security

This vulnerability could cause the following in Routing Service:

[RTI Issue ID ROUTING-1235]