Patch Name: PHNE_25971 Patch Description: s700_800 11.04 (VVOS) telnet kernel and telnetd(1M) patch Creation Date: 01/12/18 Post Date: 02/01/08 Hardware Platforms - OS Releases: s700: 11.04 s800: 11.04 Products: N/A Filesets: Networking.NET2-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32,v=HP Networking.NET2-KRN,fr=B.11.04,fa=HP-UX_B.11.04_64,v=HP InternetSrvcs.INETSVCS-RUN,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP OS-Core.CORE-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP ProgSupport.C-INC,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP Automatic Reboot?: Yes Status: General Release Critical: Yes PHNE_25971: MEMORY_LEAK HANG Based on HP-UX Patch PHNE_22159: HANG MEMORY_LEAK Memory leak in telnetd Based on HP-UX Patch PHNE_21952: HANG Memory leak in telnetd PHNE_23027: PANIC Based on HP-UX Patch PHNE_20936: PANIC If minor number exceeds boundary value system panics. PHNE_19127: PANIC HANG Based on HP-UX Patch PHNE_14957: PANIC 1. There was occasional system panics due to telnetd. Based on HP-UX Patch PHNE_14424: HANG 1. The telnet sub system is completely unusable. PHNE_18907: PANIC Based on HP-UX Patch PHNE_16546: PANIC While rebooting the system, telnet caused a panic. Based on HP-UX Patch PHNE_14818: PANIC System panics with a data page fault. Category Tags: defect_repair enhancement general_release critical panic halts_system memory_leak Path Name: /hp-ux_patches/s700_800/11.X/PHNE_25971 Symptoms: PHNE_25971: Ported HP-UX patch PHNE_24762 to VVOS Please note that Kerberos (and therefore JAGad92559) is not supported on VVOS. Based on HP-UX patch PHNE_24762: SR 8606212875 / CR JAGad82062 1. Buffer handling in telnetd needs to be enhanced. SR 8606212874 / CR JAGad82061 2. Telnetd has a service issue. SR 8606188928 / CR JAGad58144 3. While transferring huge amount of data at high speed, telnetd adds extra null characters to the byte stream, thereby breaking the application. SR 8606220839 / CR JAGad89975 4. Incorrect records might be written into /etc/utmpx by telnetd when it exits. SR 8606223462 / CR JAGad92559 5. telnetd is not working properly in kerberos environment. SR 8606209806 / CR JAGad78992 6. swverify logs error messages for telnetd manpage after installing 11.00 install media. PHNE_25079: Ported HP-UX patch PHNE_22159 to VVOS Based on HP-UX patch PHNE_22159: SR 8606182980 / CR JAGad52196 1. telnetd does not close connection if stty 0 is given. SR 8606176054 / CR JAGad45294 2. Memory leak as telnetd does not manage telnet queues properly. SR 8606157405 / CR JAGad26736 3. telnet daemon sets the pty speed to 0 if the telnet client speed is > 38400 SR 8606114446 / CR JAGac29210 4. telnet hangs with "Reflection", a terminal emulation software used by Windows telnet client. SR 1653304360 / CR JAGab16743 5. Single byte write to DTC over telnet degraded by 10.20 to 11.0 update Based on HP-UX patch PHNE_21952: SR 8606145850 / JAGad15186: 1. Memory leak in telnetd. PHNE_23027: Ported HP-UX patch PHNE_21822 to VVOS Based on HP-UX patch PHNE_21822: SR 8606140594 / JAGad09955: 1. Telnetd connection fails intermittently with a message in syslog which says "Baud Rate set to 0, connection closed" SR 8606126240 / JAGac56805: 2. Intermittent telnetd connection failure due to unflushed pty CR JAGab21120: 3. When a system is cold installed with May 1999 Extension Pack(9905) and later removed, telnet stops functioning. Based on HP-UX patch PHNE_20936: SR 8606134274 / CR JAGab75328: 1. telnetd does not close connection if stty 0 is given. SR 8606134275 / CR JAGab70058: 2. 11.0 telnetd: TELS/TELM driver code needs to include flow-control checks. SR 8606134276 / CR JAGab53771: 3. panic in telnets_open when minor number passed is beyond nstrtel value. SR 8606134273 / CR JAGab50706: 4. Memory leak in telnet streams module. Based on HP-UX patch PHNE_19298: 1. Inetd gives the error message "telnet/tcp:bind:Address already in use". 2. No help to generate telnet pty files. PHNE_19127: Ported HP-UX patch PHNE_18527 to VVOS Based on HP-UX patch PHNE_18527: 1. Misaligned error messages in log files while installing the telnetd patch PHNE_14957. 2. Bad system call in the postinstall script. 3. Backup directory should not be created under /dev/pts. 4. Backup directory should not be removed if not empty. PHNE_18907: Ported HP-UX patch PHNE_16546 to VVOS Based on HP-UX patch PHNE_16546: 1. At hp-ux 11.0 telnet connections hang in connection phase. 2. While rebooting a system, there was a panic due to telnet. Based on HP-UX patch PHNE_14957: 1. utmp file format limits number of telnet login sessions to 1000. 2. Telnet should detect that the pseudo drivers telm and tels are not in kernel. 3. telnetd displays login prompt before system id string. 4. At 11.0 there was a panic due to telnetd. Based on HP-UX patch PHNE_14819: 1. Sending a block of data over telnet connection causes it to close Based on HP-UX patch PHNE_14818: 1. Telnet causes system panic in putbq telnet_route_data on a 11.0 system. 2. memory leak in telnet. Based on HP-UX patch PHNE_14424: 1.inetd failed to fork telnetd with the error, "telnet/tcp: bind: Address already in use". Defect Description: PHNE_25971: Ported HP-UX patch PHNE_24762 to VVOS Please note that Kerberos (and therefore JAGad92559) is not supported on VVOS. Based on HP-UX patch PHNE_24762: SR 8606212875 / CR JAGad82062 1. Buffer handling in telnetd needs to be enhanced. Resolution: Code changes have been made to fix it. SR 8606212874 / CR JAGad82061 2. Telnetd has a service issue. Resolution: Code changes have been made to fix it. SR 8606188928 / CR JAGad58144 3. While transferring the byte stream at high speed, the character 0x0d which is not followed by 0x0a is appended with multiple 0x0 characters instead of a single 0x0 character. Resolution: Handling of flow control has been modified to solve this problem. SR 8606220839 / CR JAGad89975 4. telnetd might write a duplicate record into /etc/utmpx when the _pututline() api is interrupted by a signal. Resolution: Signals are blocked before calling _pututline() and enabled after the _pututline() api is succeeded. SR 8606223462 / CR JAGad92559 5. telnetd uses a libsis.sl api krb5_mk_rep() which has four arguments but telnetd is coded to pass three arguments which resulted in the failure of the api. A workaround was made to telnetd to pass four arguments to the api. In the latest libsis patch PHSS_23710, the api krb5_mk_rep() is corrected so that it accepts three arguments and the workaround in telnetd needs to be removed. Resolution: Workaround in telnetd code has been removed. telnetd now passes three arguments to the krb5_mk_rep() api. SR 8606209806 / CR JAGad78992 6. The /sbin/init.d/inetsvcs script combines the kerberos and non-kerberos manpages, eventhough it is already combined. Resolution: The patch scripts have been modified to ensure that /sbin/init.d/inetsvcs script will not combine the kerberos and non-kerberos manpages. PHNE_25079: Ported HP-UX patch PHNE_22159 to VVOS Based on HP-UX patch PHNE_22159: SR 8606182980 / CR JAGad52916 1. Setting stty 0 results in zero byte msgblk which was ignored. Resolution: stty 0 results in zero byte msgblk which is now processed to close the telnet connection. SR 8606176054 / CR JAGad45294 2. If the connection is closed while telnet is doing option negotiation, memory is not freed. Resolution: Code has been modified to free memory whenever connection is closed. SR 8606157405 / CR JAGad26736 3. If any telnet client requests for baud rate > 38400, the telnet daemon resets the value. Resolution: If any request for Baud rate arrives, which is greater than the maximum, i.e 38400, then the telnet daemon resets the Baud rate value to the lowest value instead of setting it to zero. SR 8606114446 / CR JAGac29210 4. While displaying quite large files using "Reflection", a terminal emulation software, the application hangs. Resolution: Flow control has been properly enabled which solved this problem. SR 1653304360 / CR JAGab16743 5. With TCP_NODELAY option, single byte packets from telnetd clogged the network. Resolution: Buffering is implemented in telnetd so that it no more writes single byte packets to the network. Based on HP-UX patch PHNE_21952: SR 8606145850 / JAGad15186: 1. Memory chunks are not freed when telnet exits. Resolution: Steps have been taken to free unwanted memory and the code has been modified accordingly. PHNE_23027: Ported HP-UX patch PHNE_21822 to VVOS Based on HP-UX patch PHNE_21822: SR 8606140594 / JAGad09955: 1. Telnetd connections occasionally get closed. This problem is found in patch PHNE_20936 where the fix for 8606140594 generates this wrong behaviour. The fix for 8606140594 has been removed in this patch. Resolution: The fix for 8606140594 has been removed and the problem is avoided. SR 8606126240 / JAGac56805: 2. Telnetd connections intermittently failed because it ended up using an active pty instead of procuring a free pty. Resolution: The root cause was because of persistent links in the streams. Telnetd creates only non-persistent links now and thereby solves the problem of ending up using same pty across different connections. CR JAGab21120: 3. When May 1999 Extension Pack(9905) is cold installed and later removed, telnetd looks for old device files and since those files are not present, telnetd ceases to work. Resolution: We are providing a warning in the patch script alerting the user to run /sbin/insf manually to regenerate the device files if for any reason the script fails to do so and thereby avoids potential problems that could arise because of old file names versus new file names. Based on HP-UX patch PHNE_20936: 1. Setting stty 0 results in zero byte msgblk which was ignored. Resolution: stty 0 results in zero byte msgblk which is now processed to close the telnet connection. 2. TELS/TELM code needed flow control checks. Resolution: Flow control related checks have been introduced. 3. If minor number exceeds boundary value, system panics. Resolution: Boundary check for minor number values is introduced. 4. telnet streams module fails to free some memory. Resolution: Code has been modified to free unwanted allocated memory chunks. Based on HP-UX patch PHNE_19298: 1. As telnetd was exiting without unlinking the persistent links, inetd was unable to spawn telnetd and it displayed the error message. Resolution: The code has been modified so that telnetd unlinks all the persistent links before exiting. 2. Patch scripts do not provide enough information to create telnet pty files. Resolution: The postremove script has been modified to include details for generating telnet pty files. PHNE_19127: Ported HP-UX patch PHNE_18527 to VVOS Based on HP-UX patch PHNE_18527: 1. Error messages from the control scripts of PHNE_14957 were not properly aligned in the log files. Resolution: The scripts have been modified to properly align the error messages in the log files by ensuring that the messages begin from tenth column. 2. postinstall script was running insf command which is not encouraged. Resolution: insf command should be run to create telnet tty files. This command should not be run from the postinstall script but should be done from configure script because in an OS update scenario this can result in core dump. 3. Patch script creates a backup directory to save the existing telnet tty files which should not be done in /dev/pts. Resolution: The backup directory is not created anymore under /dev/pts. The directory is created now under /var/adm/sw. 4. Patch script removes the backup directory though it was not empty. Resolution: The backup directory is no more removed if it has any files or directories entries. PHNE_18907: Ported HP-UX patch PHNE_16546 to VVOS Based on HP-UX patch PHNE_16546: 1. telnet sessions to a hp-ux 11.0 m/c hang occassionaly. 2. While rebooting a system, there was a panic due to telnet. Based on HP-UX patch PHNE_14957: 1. The number of telnet login sessions were limited to 1000 as the member ut_line of utmp structure allowed for device names only 4 characters long. 2. Telnet was detecting the absence of the pseudo device drivers telm and tels, but displayed a message which was not clear. 3. telnetd displays login prompt before system id string. 4. At 11.0 there was a panic due to telnetd. Based on HP-UX patch PHNE_14819: 1. When a block of data is sent the getmsg() returns a M_STARTI message. This condition was not handled in telnetd. Based on HP-UX patch PHNE_14818: 1. System panics when telnet tries to put null data on to the queue. 2. Nullifying the message without freeing mp->b_cont causes memory leak. Based on HP-UX patch PHNE_14424: 1.The streams modules were not properly unlinked when telnetd exited. SR: 8606212875 8606212874 8606188928 8606220839 8606223462 8606209806 8606182980 8606176054 8606157405 8606114446 1653304360 8606145850 8606140594 8606126240 8606134274 8606134275 8606134276 8606134273 5003432294 1653257162 5003454538 4701425793 4701425785 1653248013 5003441964 5003413112 Patch Files: Networking.NET2-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32,v=HP: /usr/conf/lib/libtelnet.a Networking.NET2-KRN,fr=B.11.04,fa=HP-UX_B.11.04_64,v=HP: /usr/conf/lib/libtelnet.a InternetSrvcs.INETSVCS-RUN,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /usr/lbin/net_daemons/telnetd OS-Core.CORE-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP: /usr/conf/h/nvs.h ProgSupport.C-INC,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP: /usr/include/sys/nvs.h InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /usr/share/man/man1m.Z/telnetd.1m what(1) Output: Networking.NET2-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32,v=HP: /usr/conf/lib/libtelnet.a: str_telnet.c: PHNE_24762 str_telnet.c $Revision: 1.2.118.6 $ $Date: 2000/06/0 8 10:12:57 $ Networking.NET2-KRN,fr=B.11.04,fa=HP-UX_B.11.04_64,v=HP: /usr/conf/lib/libtelnet.a: str_telnet.c: PHNE_24762 str_telnet.c $Revision: 1.2.118.6 $ $Date: 2000/06/0 8 10:12:57 $ InternetSrvcs.INETSVCS-RUN,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /usr/lbin/net_daemons/telnetd: $Revision: Hewlett-Packard ISSL Level vvos_rose42 $ $Header: Hewlett-Packard ISSL Release vvos_r ose $ $Date: Tue Dec 18 17:24:49 EST 2001 $ Copyright (c) 1983, 1986 Regents of the University o f California. $Source: net/INETSVCS/telnetd/telnetd.c, hpuxcmdnet, vvos_rose, rose0264 $ $Date: 01/12/18 15:54 :18 $ $Revision: 1.21.2.10 PATCH_11.04 (PHNE _25971) $ telnetd.c $Revision: 1.29.214.16 $ $Date: 2000/06/08 23:40:02 $ telnetd.c 5.31 (Berkeley) 2/23/89 authenc.c 8.1 (Berkeley) 6/4/93 OS-Core.CORE-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP: /usr/conf/h/nvs.h: nvs.h: $Revision: 1.4.105.2 $ $Date: 97/04/26 13:50: 52 $ ProgSupport.C-INC,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP: /usr/include/sys/nvs.h: nvs.h: $Revision: 1.4.105.2 $ $Date: 97/04/26 13:50: 52 $ InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /usr/share/man/man1m.Z/telnetd.1m: None cksum(1) Output: Networking.NET2-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32,v=HP: 4055240121 34648 /usr/conf/lib/libtelnet.a Networking.NET2-KRN,fr=B.11.04,fa=HP-UX_B.11.04_64,v=HP: 3750023136 69614 /usr/conf/lib/libtelnet.a InternetSrvcs.INETSVCS-RUN,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: 1396305658 49152 /usr/lbin/net_daemons/telnetd OS-Core.CORE-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP: 1064391964 2512 /usr/conf/h/nvs.h ProgSupport.C-INC,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP: 1064391964 2512 /usr/include/sys/nvs.h InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: 1132851469 11001 /usr/share/man/man1m.Z/telnetd.1m Patch Conflicts: None Patch Dependencies: s700: 11.04: PHCO_22931 s800: 11.04: PHCO_22931 Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_18907 PHNE_19127 PHNE_23027 PHNE_25079 Equivalent Patches: PHNE_24762: s700: 11.00 s800: 11.00 PHNE_24829: s700: 11.11 s800: 11.11 Patch Package Size: 230 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_25971 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHNE_25971.depot By default swinstall will archive the original software in /var/adm/sw/save/PHNE_25971. If you do not wish to retain a copy of the original software, use the patch_save_files option: swinstall -x autoreboot=true -x patch_match_target=true \ -x patch_save_files=false -s /tmp/PHNE_25971.depot WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHNE_25971.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHNE_25971.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_25971.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: The 'insf' patch PHCO_19126 (or its superseding patch if any) MUST be installed prior to the installation of this telnetd patch, for this patch to work. Please note, after installation of PHNE_19127 the naming convention for /dev/pts/t* changes from /dev/pts/tnumber to /dev/pts/tcharacter to allow creation of more than 1000 telnet device files. Consequently the first telnetd device file is renamed from /dev/pts/t0 to /dev/pts/ta. NOTE: For getting more user logins, the kernel configuration parameter 'nstrtel' needs to be modified to the desired number and rebuild the kernel. Ensure that the extra telnet pseudo ttys are created by doing 'insf -d tels'. PHNE_25971: 1. Telnetd will timeout and exit if it does not receive either a positive or negative reply to any of the initial option negotiations. The -n option notifies telnetd the timeout value in seconds. Default is 120 seconds. To alter the timeout value, perform the following steps after installing this patch: 1. Edit the /etc/inetd.conf file as: telnet stream tcp nowait root /usr/lbin/telnetd \ telnetd -n Where is the new timeout value in seconds. 2. Make inetd re-read the /etc/inetd.conf configuration file by running the following command on the command line: $ inetd -c