Adding a default IPv6 route with "route -A inet6" results in buffer overflow

Bug #628802 reported by drizzt
This bug affects 3 people
Affects Status Importance Assigned to Milestone
net-tools (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: net-tools

Tested on two 10.04 boxes. Setting a host route results in the same error.

# route -A inet6 add default fe80::232:15ff:fef3:d400
*** buffer overflow detected ***: route terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fbe00748207]
/lib/libc.so.6(+0xfe0c0)[0x7fbe007470c0]
route[0x4051ec]
route[0x40200e]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fbe00667c4d]
route[0x401ab9]
======= Memory map: ========
00400000-0040d000 r-xp 00000000 08:01 1622121 /sbin/route
0060c000-0060d000 r--p 0000c000 08:01 1622121 /sbin/route
0060d000-0060e000 rw-p 0000d000 08:01 1622121 /sbin/route
0060e000-0060f000 rw-p 00000000 00:00 0
02099000-020ba000 rw-p 00000000 00:00 0 [heap]
7fbe00432000-7fbe00448000 r-xp 00000000 08:01 1083543 /lib/libgcc_s.so.1
7fbe00448000-7fbe00647000 ---p 00016000 08:01 1083543 /lib/libgcc_s.so.1
7fbe00647000-7fbe00648000 r--p 00015000 08:01 1083543 /lib/libgcc_s.so.1
7fbe00648000-7fbe00649000 rw-p 00016000 08:01 1083543 /lib/libgcc_s.so.1
7fbe00649000-7fbe007c3000 r-xp 00000000 08:01 1083525 /lib/libc-2.11.1.so
7fbe007c3000-7fbe009c2000 ---p 0017a000 08:01 1083525 /lib/libc-2.11.1.so
7fbe009c2000-7fbe009c6000 r--p 00179000 08:01 1083525 /lib/libc-2.11.1.so
7fbe009c6000-7fbe009c7000 rw-p 0017d000 08:01 1083525 /lib/libc-2.11.1.so
7fbe009c7000-7fbe009cc000 rw-p 00000000 00:00 0
7fbe009cc000-7fbe009ec000 r-xp 00000000 08:01 1083514 /lib/ld-2.11.1.so
7fbe00ba0000-7fbe00ba1000 r--p 00000000 08:01 1533404 /usr/share/locale-langpack/en_GB/LC_MESSAGES/net-tools.mo
7fbe00ba1000-7fbe00bd8000 r--p 00000000 08:01 1501267 /usr/lib/locale/en_GB/LC_CTYPE
7fbe00bd8000-7fbe00bd9000 r--p 00000000 08:01 1501268 /usr/lib/locale/en_GB/LC_NUMERIC
7fbe00bd9000-7fbe00bda000 r--p 00000000 08:01 1501269 /usr/lib/locale/en_GB/LC_TIME
7fbe00bda000-7fbe00bdf000 r--p 00000000 08:01 1501270 /usr/lib/locale/en_GB/LC_COLLATE
7fbe00bdf000-7fbe00be0000 r--p 00000000 08:01 1501271 /usr/lib/locale/en_GB/LC_MONETARY
7fbe00be0000-7fbe00be1000 r--p 00000000 08:01 1509459 /usr/lib/locale/en_GB/LC_MESSAGES/SYS_LC_MESSAGES
7fbe00be1000-7fbe00be2000 r--p 00000000 08:01 1501272 /usr/lib/locale/en_GB/LC_PAPER
7fbe00be2000-7fbe00be5000 rw-p 00000000 00:00 0
7fbe00be5000-7fbe00be6000 r--p 00000000 08:01 1501273 /usr/lib/locale/en_GB/LC_NAME
7fbe00be6000-7fbe00be7000 r--p 00000000 08:01 1501274 /usr/lib/locale/en_GB/LC_ADDRESS
7fbe00be7000-7fbe00be8000 r--p 00000000 08:01 1501275 /usr/lib/locale/en_GB/LC_TELEPHONE
7fbe00be8000-7fbe00be9000 r--p 00000000 08:01 1501276 /usr/lib/locale/en_GB/LC_MEASUREMENT
7fbe00be9000-7fbe00bea000 r--p 00000000 08:01 1501277 /usr/lib/locale/en_GB/LC_IDENTIFICATION
7fbe00bea000-7fbe00bec000 rw-p 00000000 00:00 0
7fbe00bec000-7fbe00bed000 r--p 00020000 08:01 1083514 /lib/ld-2.11.1.so
7fbe00bed000-7fbe00bee000 rw-p 00021000 08:01 1083514 /lib/ld-2.11.1.so
7fbe00bee000-7fbe00bef000 rw-p 00000000 00:00 0
7fff36cd1000-7fff36ce6000 rw-p 00000000 00:00 0 [stack]
7fff36d21000-7fff36d22000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: net-tools 1.60-23ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-24.41-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic x86_64
Architecture: amd64
Date: Thu Sep 2 14:28:53 2010
InstallationMedia:

ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, no user)
 LANG=en_GB
SourcePackage: net-tools

drizzt (tontosmails) wrote :
Peerke (rene-notfound) wrote :

I have the same problem:
Ubuntu 10.4 2.6.32-24-server

*** buffer overflow detected ***: route terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fbee01cd217]
/lib/libc.so.6(+0xfe0d0)[0x7fbee01cc0d0]
route[0x4051ec]
route[0x40200e]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fbee00ecc4d]
route[0x401ab9]
======= Memory map: ========
00400000-0040d000 r-xp 00000000 fb:02 4456473 /sbin/route
0060c000-0060d000 r--p 0000c000 fb:02 4456473 /sbin/route
0060d000-0060e000 rw-p 0000d000 fb:02 4456473 /sbin/route
0060e000-0060f000 rw-p 00000000 00:00 0
01189000-011aa000 rw-p 00000000 00:00 0 [heap]
7fbedfeb7000-7fbedfecd000 r-xp 00000000 fb:02 131129 /lib/libgcc_s.so.1
7fbedfecd000-7fbee00cc000 ---p 00016000 fb:02 131129 /lib/libgcc_s.so.1
7fbee00cc000-7fbee00cd000 r--p 00015000 fb:02 131129 /lib/libgcc_s.so.1
7fbee00cd000-7fbee00ce000 rw-p 00016000 fb:02 131129 /lib/libgcc_s.so.1
7fbee00ce000-7fbee0248000 r-xp 00000000 fb:02 131458 /lib/libc-2.11.1.so
7fbee0248000-7fbee0447000 ---p 0017a000 fb:02 131458 /lib/libc-2.11.1.so
7fbee0447000-7fbee044b000 r--p 00179000 fb:02 131458 /lib/libc-2.11.1.so
7fbee044b000-7fbee044c000 rw-p 0017d000 fb:02 131458 /lib/libc-2.11.1.so
7fbee044c000-7fbee0451000 rw-p 00000000 00:00 0
7fbee0451000-7fbee0471000 r-xp 00000000 fb:02 131382 /lib/ld-2.11.1.so
7fbee04fd000-7fbee053c000 r--p 00000000 fb:02 2107553 /usr/lib/locale/en_US.utf8/LC_CTYPE
7fbee053c000-7fbee053d000 r--p 00000000 fb:02 2107554 /usr/lib/locale/en_US.utf8/LC_NUMERIC
7fbee053d000-7fbee053e000 r--p 00000000 fb:02 2107555 /usr/lib/locale/en_US.utf8/LC_TIME
7fbee053e000-7fbee065c000 r--p 00000000 fb:02 2107556 /usr/lib/locale/en_US.utf8/LC_COLLATE
7fbee065c000-7fbee065d000 r--p 00000000 fb:02 2107557 /usr/lib/locale/en_US.utf8/LC_MONETARY
7fbee065d000-7fbee065e000 r--p 00000000 fb:02 2107559 /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES
7fbee065e000-7fbee0665000 r--s 00000000 fb:02 2112364 /usr/lib/gconv/gconv-modules.cache
7fbee0665000-7fbee0668000 rw-p 00000000 00:00 0
7fbee0668000-7fbee0669000 r--p 00000000 fb:02 2107560 /usr/lib/locale/en_US.utf8/LC_PAPER
7fbee0669000-7fbee066a000 r--p 00000000 fb:02 2107561 /usr/lib/locale/en_US.utf8/LC_NAME
7fbee066a000-7fbee066b000 r--p 00000000 fb:02 2107562 /usr/lib/locale/en_US.utf8/LC_ADDRESS
7fbee066b000-7fbee066c000 r--p 00000000 fb:02 2107563 /usr/lib/locale/en_US.utf8/LC_TELEPHONE
7fbee066c000-7fbee066d000 r--p 00000000 fb:02 2107564 /usr/lib/locale/en_US.utf8/LC_MEASUREMENT
7fbee066d000-7fbee066e000 r--p 00000000 fb:02 2107565 /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
7fbee066e000-7fbee0670000 rw-p 00000000 00:00 0
7fbee0670000-7fbee067100...


Dennis Kruyt (dennis-kruyt) wrote :

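Got the same abort when adding an IPv6 route on 10.10. This backtrace names __strcpy_chk, so it is glibc's fortified strcpy check that terminates route: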

route -A inet6 add 2001:X:X:2::/64 2001:X:X:1::2/64
*** buffer overflow detected ***: route terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x50)[0xef9970]
/lib/libc.so.6(+0xe486a)[0xef886a]
/lib/libc.so.6(__strcpy_chk+0x44)[0xef7be4]
route[0x804ca8d]
route[0x80498fa]
/lib/libc.so.6(__libc_start_main+0xe7)[0xe2ace7]
route[0x8049361]
======= Memory map: ========
00110000-0012a000 r-xp 00000000 fb:00 5767228 /lib/libgcc_s.so.1
0012a000-0012b000 r--p 00019000 fb:00 5767228 /lib/libgcc_s.so.1
0012b000-0012c000 rw-p 0001a000 fb:00 5767228 /lib/libgcc_s.so.1
0017e000-0019a000 r-xp 00000000 fb:00 5769610 /lib/ld-2.12.1.so
0019a000-0019b000 r--p 0001b000 fb:00 5769610 /lib/ld-2.12.1.so
0019b000-0019c000 rw-p 0001c000 fb:00 5769610 /lib/ld-2.12.1.so
00884000-00885000 r-xp 00000000 00:00 0 [vdso]
00e14000-00f6b000 r-xp 00000000 fb:00 5769613 /lib/libc-2.12.1.so
00f6b000-00f6d000 r--p 00157000 fb:00 5769613 /lib/libc-2.12.1.so
00f6d000-00f6e000 rw-p 00159000 fb:00 5769613 /lib/libc-2.12.1.so
00f6e000-00f71000 rw-p 00000000 00:00 0
08048000-08054000 r-xp 00000000 fb:00 393242 /sbin/route
08054000-08055000 r--p 0000b000 fb:00 393242 /sbin/route
08055000-08056000 rw-p 0000c000 fb:00 393242 /sbin/route
09d9c000-09dbd000 rw-p 00000000 00:00 0 [heap]
b756f000-b776f000 r--p 00000000 fb:00 131980 /usr/lib/locale/locale-archive
b776f000-b7770000 rw-p 00000000 00:00 0
b7777000-b7778000 r--p 002a1000 fb:00 131980 /usr/lib/locale/locale-archive
b7778000-b777a000 rw-p 00000000 00:00 0
bfad3000-bfaf4000 rw-p 00000000 00:00 0 [stack]
Aborted

Changed in net-tools (Ubuntu):
status: New → Confirmed
Ole Wolf (ole.wolf) wrote :

Also present in 13.04:

$ sudo route -6 add default 2001:470:28:20f::1
*** buffer overflow detected ***: route terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fac641e65cc]
/lib/x86_64-linux-gnu/libc.so.6(+0x110560)[0x7fac641e5560]
route[0x404d87]
route[0x401d6b]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fac640f6ea5]
route[0x401e79]
======= Memory map: ========
00400000-0040d000 r-xp 00000000 08:01 145925 /sbin/route
0060c000-0060d000 r--p 0000c000 08:01 145925 /sbin/route
0060d000-0060e000 rw-p 0000d000 08:01 145925 /sbin/route
0060e000-0060f000 rw-p 00000000 00:00 0
017e9000-0180a000 rw-p 00000000 00:00 0 [heap]
7fac63a87000-7fac63a9b000 r-xp 00000000 08:01 1314639 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fac63a9b000-7fac63c9b000 ---p 00014000 08:01 1314639 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fac63c9b000-7fac63c9c000 r--p 00014000 08:01 1314639 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fac63c9c000-7fac63c9d000 rw-p 00015000 08:01 1314639 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fac63c9d000-7fac640d5000 r--p 00000000 08:01 262596 /usr/lib/locale/locale-archive
7fac640d5000-7fac64293000 r-xp 00000000 08:01 1320272 /lib/x86_64-linux-gnu/libc-2.17.so
7fac64293000-7fac64492000 ---p 001be000 08:01 1320272 /lib/x86_64-linux-gnu/libc-2.17.so
7fac64492000-7fac64496000 r--p 001bd000 08:01 1320272 /lib/x86_64-linux-gnu/libc-2.17.so
7fac64496000-7fac64498000 rw-p 001c1000 08:01 1320272 /lib/x86_64-linux-gnu/libc-2.17.so
7fac64498000-7fac6449d000 rw-p 00000000 00:00 0
7fac6449d000-7fac644c0000 r-xp 00000000 08:01 1320268 /lib/x86_64-linux-gnu/ld-2.17.so
7fac64698000-7fac6469b000 rw-p 00000000 00:00 0
7fac646bc000-7fac646bf000 rw-p 00000000 00:00 0
7fac646bf000-7fac646c0000 r--p 00022000 08:01 1320268 /lib/x86_64-linux-gnu/ld-2.17.so
7fac646c0000-7fac646c2000 rw-p 00023000 08:01 1320268 /lib/x86_64-linux-gnu/ld-2.17.so
7fffd920f000-7fffd9230000 rw-p 00000000 00:00 0 [stack]
7fffd93fe000-7fffd9400000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
