Patch Name: PHNE_26096 Patch Description: s700_800 11.00 telnet kernel and telnetd(1M) patch Creation Date: 02/04/01 Post Date: 02/04/26 Repost: 02/11/28 The Special Installation Instructions section was modified to include the manual steps necessary to fully implement the fix for Service Request 8606220839 (JAGad89975). Hardware Platforms - OS Releases: s700: 11.00 s800: 11.00 Products: N/A Filesets: Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP InternetSrvcs.INETSVCS-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP OS-Core.CORE-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP ProgSupport.C-INC,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP Automatic Reboot?: Yes Status: General Release Critical: Yes PHNE_26096: MEMORY_LEAK PHNE_22159: HANG MEMORY_LEAK Memory leak in telnetd PHNE_21952: HANG Memory leak in telnetd PHNE_20936: PANIC If minor number exceeds boundary value system panics. PHNE_16546: PANIC While rebooting the system, telnet caused a panic. PHNE_14957: PANIC 1. There was occasional system panics due to telnetd. PHNE_14818: PANIC System panics with a data page fault. PHNE_14424: HANG 1. The telnet sub system is completely unusable. Category Tags: defect_repair enhancement general_release critical panic halts_system memory_leak Path Name: /hp-ux_patches/s700_800/11.X/PHNE_26096 Symptoms: PHNE_26096: 1. SR 8606238651 / CR JAGae07675: If telnet is invoked with the "-f" or "-F" option or using the TACACS mechanism, the TERM environment variable may not be set. 2. SR 8606230839 / CR JAGae00077: Credential forwarding to telnetd fails in DCE environment. 3. SR 8606232804 / CR JAGae02032: Provide a command line option in telnetd to close the telnet connection when "stty 0" command is executed. 4. SR 8606236626 / CR JAGae05679: Memory leak in telnet multiplexor. PHNE_24762: SR 8606212875 / CR JAGad82062 1. Buffer handling in telnetd needs to be enhanced. SR 8606212874 / CR JAGad82061 2. Telnetd has a service issue. SR 8606188928 / CR JAGad58144 3. While transferring huge amount of data at high speed, telnetd adds extra null characters to the byte stream, thereby breaking the application. SR 8606220839 / CR JAGad89975 4. Incorrect records might be written into /etc/utmpx by telnetd when it exits. SR 8606223462 / CR JAGad92559 5. telnetd is not working properly in kerberos environment. SR 8606209806 / CR JAGad78992 6. swverify logs error messages for telnetd manpage after installing 11.00 install media. PHNE_22159: SR 8606182980 / CR JAGad52196 1. telnetd does not close connection if stty 0 is given. SR 8606176054 / CR JAGad45294 2. Memory leak as telnetd does not manage telnet queues properly. SR 8606157405 / CR JAGad26736 3. telnet daemon sets the pty speed to 0 if the telnet client speed is > 38400 SR 8606114446 / CR JAGac29210 4. telnet hangs with "Reflection", a terminal emulation software used by Windows telnet client. SR 1653304360 / CR JAGab16743 5. Single byte write to DTC over telnet degraded by 10.20 to 11.0 update PHNE_21952: SR 8606145850 / JAGad15186: 1. Memory leak in telnetd. PHNE_21822: SR 8606140594 / JAGad09955: 1. Telnetd connection fails intermittently with a message in syslog which says "Baud Rate set to 0, connection closed" SR 8606126240 / JAGac56805: 2. Intermittent telnetd connection failure due to unflushed pty CR JAGab21120: 3. When a system is cold installed with May 1999 Extension Pack(9905) and later removed, telnet stops functioning. PHNE_20936: SR 8606134274 / CR JAGab75328: 1. telnetd does not close connection if stty 0 is given. SR 8606134275 / CR JAGab70058: 2. 11.0 telnetd: TELS/TELM driver code needs to include flow-control checks. SR 8606134276 / CR JAGab53771: 3. panic in telnets_open when minor number passed is beyond nstrtel value. SR 8606134273 / CR JAGab50706: 4. Memory leak in telnet streams module. PHNE_19298: 1. Inetd gives the error message "telnet/tcp:bind:Address already in use". 2. No help to generate telnet pty files. PHNE_18527: 1. Misaligned error messages in log files while installing the telnetd patch PHNE_14957. 2. Bad system call in the postinstall script. 3. Backup directory should not be created under /dev/pts. 4. Backup directory should not be removed if not empty. PHNE_16546: 1. At hp-ux 11.0 telnet connections hang in connection phase. 2. While rebooting a system, there was a panic due to telnet. PHNE_14957: 1. utmp file format limits number of telnet login sessions to 1000. 2. Telnet should detect that the pseudo drivers telm and tels are not in kernel. 3. telnetd displays login prompt before system id string. 4. At 11.0 there was a panic due to telnetd. PHNE_14819: 1. Sending a block of data over telnet connection causes it to close PHNE_14818: 1. Telnet causes system panic in putbq telnet_route_data on a 11.0 system. 2. memory leak in telnet. PHNE_14424: 1.inetd failed to fork telnetd with the error, "telnet/tcp: bind: Address already in use". Defect Description: PHNE_26096: 1. SR 8606238651 / CR JAGae07675: Description: telnetd execs login with improperly ordered arguments due to which the TERM environment variable, if present, is ignored by login. Resolution: The exec arguments are now passed in the correct order. 2. SR 8606230839 / CR JAGae00077: Description: k5dcelogin expects the environment variable KRB5CCNAME to be set by telnetd. But telnetd passes the KRB5CCNAME variable only in the argument list of the execl(2) and not in the environment list. Resolution: The KRB5CCNAME variable is now put in the environment list also and hence the credentials are forwarded properly. 3. SR 8606232804 / CR JAGae02032: Description: Provide a command line option in telnetd to close the telnet connection when "stty 0" command is executed. Resolution: A command line option "-y" is provided in telnetd to close the telnet connection when "stty 0" command is executed. 4. SR 8606236626 / CR JAGae05679: Description: Only the first message block of the STREAMS message was freed in the kernel telnet. The remaining message blocks in the STREAMS message caused memory leak. Resolution: All the message blocks of the STREAMS message are now freed. PHNE_24762: SR 8606212875 / CR JAGad82062 1. Buffer handling in telnetd needs to be enhanced. Resolution: Code changes have been made to fix it. SR 8606212874 / CR JAGad82061 2. Telnetd has a service issue. Resolution: Code changes have been made to fix it. SR 8606188928 / CR JAGad58144 3. While transferring the byte stream at high speed, the character 0x0d which is not followed by 0x0a is appended with multiple 0x0 characters instead of a single 0x0 character. Resolution: Handling of flow control has been modified to solve this problem. SR 8606220839 / CR JAGad89975 4. telnetd might write a duplicate record into /etc/utmpx when the _pututline() api is interrupted by a signal. Resolution: Signals are blocked before calling _pututline() and enabled after the _pututline() api is succeeded. SR 8606223462 / CR JAGad92559 5. telnetd uses a libsis.sl api krb5_mk_rep() which has four arguments but telnetd is coded to pass three arguments which resulted in the failure of the api. A workaround was made to telnetd to pass four arguments to the api. In the latest libsis patch PHSS_23710, the api krb5_mk_rep() is corrected so that it accepts three arguments and the workaround in telnetd needs to be removed. Resolution: Workaround in telnetd code has been removed. telnetd now passes three arguments to the krb5_mk_rep() api. SR 8606209806 / CR JAGad78992 6. The /sbin/init.d/inetsvcs script combines the kerberos and non-kerberos manpages, eventhough it is already combined. Resolution: The patch scripts have been modified to ensure that /sbin/init.d/inetsvcs script will not combine the kerberos and non-kerberos manpages. PHNE_22159: SR 8606182980 / CR JAGad52916 1. Setting stty 0 results in zero byte msgblk which was ignored. Resolution: stty 0 results in zero byte msgblk which is now processed to close the telnet connection. SR 8606176054 / CR JAGad45294 2. If the connection is closed while telnet is doing option negotiation, memory is not freed. Resolution: Code has been modified to free memory whenever connection is closed. SR 8606157405 / CR JAGad26736 3. If any telnet client requests for baud rate > 38400, the telnet daemon resets the value. Resolution: If any request for Baud rate arrives, which is greater than the maximum, i.e 38400, then the telnet daemon resets the Baud rate value to the lowest value instead of setting it to zero. SR 8606114446 / CR JAGac29210 4. While displaying quite large files using "Reflection", a terminal emulation software, the application hangs. Resolution: Flow control has been properly enabled which solved this problem. SR 1653304360 / CR JAGab16743 5. With TCP_NODELAY option, single byte packets from telnetd clogged the network. Resolution: Buffering is implemented in telnetd so that it no more writes single byte packets to the network. PHNE_21952: SR 8606145850 / JAGad15186: 1. Memory chunks are not freed when telnet exits. Resolution: Steps have been taken to free unwanted memory and the code has been modified accordingly. PHNE_21822: SR 8606140594 / JAGad09955: 1. Telnetd connections occasionally get closed. This problem is found in patch PHNE_20936 where the fix for 8606140594 generates this wrong behaviour. The fix for 8606140594 has been removed in this patch. Resolution: The fix for 8606140594 has been removed and the problem is avoided. SR 8606126240 / JAGac56805: 2. Telnetd connections intermittently failed because it ended up using an active pty instead of procuring a free pty. Resolution: The root cause was because of persistent links in the streams. Telnetd creates only non-persistent links now and thereby solves the problem of ending up using same pty across different connections. CR JAGab21120: 3. When May 1999 Extension Pack(9905) is cold installed and later removed, telnetd looks for old device files and since those files are not present, telnetd ceases to work. Resolution: We are providing a warning in the patch script alerting the user to run /sbin/insf manually to regenerate the device files if for any reason the script fails to do so and thereby avoids potential problems that could arise because of old file names versus new file names. PHNE_20936: 1. Setting stty 0 results in zero byte msgblk which was ignored. Resolution: stty 0 results in zero byte msgblk which is now processed to close the telnet connection. 2. TELS/TELM code needed flow control checks. Resolution: Flow control related checks have been introduced. 3. If minor number exceeds boundary value, system panics. Resolution: Boundary check for minor number values is introduced. 4. telnet streams module fails to free some memory. Resolution: Code has been modified to free unwanted allocated memory chunks. PHNE_19298: 1. As telnetd was exiting without unlinking the persistent links, inetd was unable to spawn telnetd and it displayed the error message. Resolution: The code has been modified so that telnetd unlinks all the persistent links before exiting. 2. Patch scripts do not provide enough information to create telnet pty files. Resolution: The postremove script has been modified to include details for generating telnet pty files. PHNE_18527: 1. Error messages from the control scripts of PHNE_14957 were not properly aligned in the log files. Resolution: The scripts have been modified to properly align the error messages in the log files by ensuring that the messages begin from tenth column. 2. postinstall script was running insf command which is not encouraged. Resolution: insf command should be run to create telnet tty files. This command should not be run from the postinstall script but should be done from configure script because in an OS update scenario this can result in core dump. 3. Patch script creates a backup directory to save the existing telnet tty files which should not be done in /dev/pts. Resolution: The backup directory is not created anymore under /dev/pts. The directory is created now under /var/adm/sw. 4. Patch script removes the backup directory though it was not empty. Resolution: The backup directory is no more removed if it has any files or directories entries. PHNE_16546: 1. telnet sessions to a hp-ux 11.0 m/c hang occassionaly. 2. While rebooting a system, there was a panic due to telnet. PHNE_14957: 1. The number of telnet login sessions were limited to 1000 as the member ut_line of utmp structure allowed for device names only 4 characters long. 2. Telnet was detecting the absence of the pseudo device drivers telm and tels, but displayed a message which was not clear. 3. telnetd displays login prompt before system id string. 4. At 11.0 there was a panic due to telnetd. PHNE_14819: 1. When a block of data is sent the getmsg() returns a M_STARTI message. This condition was not handled in telnetd. PHNE_14818: 1. System panics when telnet tries to put null data on to the queue. 2. Nullifying the message without freeing mp->b_cont causes memory leak. PHNE_14424: 1.The streams modules were not properly unlinked when telnetd exited. SR: 8606238651 8606230839 8606232804 8606236626 8606212875 8606212874 8606188928 8606220839 8606223462 8606209806 8606182980 8606176054 8606157405 8606114446 1653304360 8606145850 8606140594 8606126240 8606134274 8606134275 8606134276 8606134273 5003432294 1653257162 5003454538 4701425793 4701425785 1653248013 5003441964 5003413112 Patch Files: Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP: /usr/conf/lib/libtelnet.a Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP: /usr/conf/lib/libtelnet.a InternetSrvcs.INETSVCS-RUN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/lbin/telnetd OS-Core.CORE-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: /usr/conf/h/nvs.h ProgSupport.C-INC,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: /usr/include/sys/nvs.h InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/share/man/man1m.Z/telnetd.1m what(1) Output: Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP: /usr/conf/lib/libtelnet.a: str_telnet.c: PHNE_26096 str_telnet.c $Revision: 1.2.118.6 $ $Date: 2000/06/0 8 10:12:57 $ Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP: /usr/conf/lib/libtelnet.a: str_telnet.c: PHNE_26096 str_telnet.c $Revision: 1.2.118.6 $ $Date: 2000/06/0 8 10:12:57 $ InternetSrvcs.INETSVCS-RUN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/lbin/telnetd: Copyright (c) 1983, 1986 Regents of the University o f California. Patch ID: PHNE_26096 telnetd.c $Revision: 1.29.214.16 $ $Date: 2000/06/08 23:40:02 $ telnetd.c 5.31 (Berkeley) 2/23/89 authenc.c 8.1 (Berkeley) 6/4/93 OS-Core.CORE-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: /usr/conf/h/nvs.h: nvs.h: $Revision: 1.4.105.2 $ $Date: 97/04/26 13:50: 52 $ ProgSupport.C-INC,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: /usr/include/sys/nvs.h: nvs.h: $Revision: 1.4.105.2 $ $Date: 97/04/26 13:50: 52 $ InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/share/man/man1m.Z/telnetd.1m: None cksum(1) Output: Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP: 2134651930 33304 /usr/conf/lib/libtelnet.a Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP: 3739876074 68334 /usr/conf/lib/libtelnet.a InternetSrvcs.INETSVCS-RUN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: 3221483492 94208 /usr/lbin/telnetd OS-Core.CORE-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: 1064391964 2512 /usr/conf/h/nvs.h ProgSupport.C-INC,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: 1064391964 2512 /usr/include/sys/nvs.h InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: 1908599074 9812 /usr/share/man/man1m.Z/telnetd.1m Patch Conflicts: None Patch Dependencies: s700: 11.00: PHCO_17090 PHCO_17622 s800: 11.00: PHCO_17090 PHCO_17622 Hardware Dependencies: None Other Dependencies: The libsis.sl patch PHSS_23710 should be installed for the fix of JAGad92559 to work properly. Supersedes: PHNE_14424 PHNE_14818 PHNE_14819 PHNE_14957 PHNE_16546 PHNE_18527 PHNE_19298 PHNE_20936 PHNE_21822 PHNE_21952 PHNE_22159 PHNE_24762 Equivalent Patches: None Patch Package Size: 280 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_26096 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHNE_26096.depot By default swinstall will archive the original software in /var/adm/sw/save/PHNE_26096. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHNE_26096.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHNE_26096.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_26096.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: The 'insf' patch PHCO_17090 (or its superseding patch if any) MUST be installed prior to the installation of this telnetd patch, for this patch to work. Please note, after installation of PHNE_14957 the naming convention for /dev/pts/t* changes from /dev/pts/tnumber to /dev/pts/tcharacter to allow creation of more than 1000 telnet device files. Consequently the first telnetd device file is renamed from /dev/pts/t0 to /dev/pts/ta. NOTE: For getting more user logins, the kernel configuration parameter 'nstrtel' needs to be modified to the desired number and rebuild the kernel. Ensure that the extra telnet pseudo ttys are created by doing 'insf -d tels'. On trusted systems, the telnetd patch has a dependency on the libsec patch PHCO_17622( or later) also apart from the insf patch PHCO_17090 (or later). Thus, on trusted systems before installing the telnetd patch, please ensure that the libsec patch PHCO_17622 (or later) and the insf patch PHCO_17090 (or later) are installed to generate device file names similar to telnetd. Please note that the dependency on PHCO_17622 ( or later ) is applicable only for trusted systems. PHNE_24762: 1. Telnetd will timeout and exit if it does not receive either a positive or negative reply to any of the initial option negotiations. The -n option notifies telnetd the timeout value in seconds. Default is 120 seconds. To alter the timeout value, perform the following steps after installing this patch: 1. Edit the /etc/inetd.conf file as: telnet stream tcp nowait root /usr/lbin/telnetd \ telnetd -n Where is the new timeout value in seconds. 2. Make inetd re-read the /etc/inetd.conf configuration file by running the following command on the command line: $ inetd -c 2. PHNE_24762 contains a fix for the telnetd code defect described in SR: 8606220839 (JAGad89975) - telnetd writes to the wrong entry in /etc/utmpx on logout. Although the SR: 8606220839 (JAGad89975) fix will prevent any further corruption of /etc/utmpx(4), installing PHNE_24762 will not correct any existing corruption in the /etc/utmp(4) or /etc/utmpx(4) files. Therefore if you are installing PHNE_24762 to fix the SR: 8606220839 (JAGad89975) defect, to completely resolve the problem you must also ensure that the /etc/utmp and /etc/utmpx files are cleared of any previous corruption caused by this defect. The /etc/utmp and /etc/utmpx files may be cleared using the following procedure: Before installing PHNE_24762 insert two lines into the /etc/inittab(4) file as follows, then save /etc/inittab and continue the PHNE_24762 patch installation. init:3:initdefault: utm1::sysinit:> /etc/utmp # clear current logon \ accounting files utm2::sysinit:> /etc/utmpx # clear current login \ accounting files After PHNE_24762 is installed and the system rebooted, you may delete the above two entries from /etc/inittab or retain them. In the latter case, /etc/utmp and /etc/utmpx will be cleared every time the system is rebooted. NOTE: The above steps are only required if the problem described in SR: 8606220839 (JAGad89975) exists on the system where PHNE_24762 is being installed. PHNE_26096: A new command line option -y is provided in telnetd to enable a feature, which causes closure of telnet connection when "stty 0" command is executed. By default, this feature remains desabled. If option -y is not specified on telnetd command line, telnetd will not close the telnet connection upon execution of "stty 0" command. To enable this feature, perform the following steps after installing this patch: 1. Edit the /etc/inetd.conf file as: telnet stream tcp nowait root /usr/lbin/telnetd telnetd -y Where -y is the new command line option. 2. Make inetd re-read the /etc/inetd.conf configuration file by running the following command on the command line: # inetd -c