Patch Name: PHNE_28828 Patch Description: s700_800 11.00 bootpd(1M)/DHCP, tftp(1) and tftpd(1M) patch Creation Date: 03/10/30 Post Date: 04/02/25 Hardware Platforms - OS Releases: s700: 11.00 s800: 11.00 Products: N/A Filesets: InternetSrvcs.INETSVCS-BOOT,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP InternetSrvcs.INETSVCS-INC,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: Yes PHNE_28828: MEMORY_LEAK ABORT Category Tags: defect_repair enhancement general_release critical halts_system memory_leak Path Name: /hp-ux_patches/s700_800/11.X/PHNE_28828 Symptoms: PHNE_28828: 1) CR JAGad39987 / SR 8606170723 : When dhcptools is used to trace the DHCP packets, hostname does not appear properly in the /tmp/dhcptrace file. 2) CR JAGad39999 / SR 8606170735 : The "dhcptools -d" command dumps 0.0.0.0 instead of the specified reserved address in the /tmp/dhcp.dump.other file. 3) CR JAGad40007 / SR 8606170743 : bootpd does not parse invalid IP addresses in the /etc/dhcptab file properly. 4) CR JAGad40010 / SR 8606170746 : bootpd does not parse invalid octal number properly in the /etc/dhcptab file. 5) CR JAGad39835 / SR 8606170571 : The dhcpclient does not start when the number of physical and virtual LAN interfaces is greater than 36. 6) CR JAGad52870 / SR 8606183657 : bootpd dies on signal 11 when a DHCP client sends a duplicate request for lease. 7) CR JAGad91859 / SR 8606222748 : bootpd fills the syslog file with unnecessary bootsize information. 8) CR JAGae16142 / SR 8606249756 : bootpd does not relay the request for group relay entries using the hardware address mask. 9) CR JAGae30333 / SR 8606266080 : bootp dies on Signal 11 under certain circumstances. 10) CR JAGae49090 / SR 8606285149 : The T176 option in the /etc/dhcptab file is limited to 61 characters of data. 11) CR JAGae49874 / SR 8606285933 : bootpd leaks memory for every processed packet. 12) CR JAGae50734 / SR 8606286795 : bootpd releases the declined IP address. 13) CR JAGae58206 / SR 8606294509 : under certain circumstances, the PING functionality in bootpd does not work properly. 14) CR JAGae71679 / SR 8606308645 : bootpd leaks memory during DHCPOFFER. 15) CR JAGae73843 / SR 8606310985 : PXE clients fail to boot up when they receive the class identifier option (Option 60) from the DHCP server. 16) CR JAGad25107 / SR 8606155794 : tftpd does not function properly in a service guard environment. 17) CR JAGae09213 / SR 8606241958 : While transferring a file using the "put" command, tftpd fails with "Option negotiation error" in a system with large available disk space. 18) CR JAGae60488 / SR 8606296939: Under certain circumstances, tftpd can cause performance problem. 19) CR JAGae76149 / SR 8606313351 : tftpd does not reply under certain circumstances. 20) CR JAGae80695 / SR 8606318163 : tftpd exits under certain circumstances. 21) CR JAGae89237 / SR 8606326973 : Child tftpd process exits with SIGBUS error under certain circumstances. PHNE_19241: 1. JAGaa26728 / SR#5003329854 : dhcptools does not work with bootpd running in standalone mode. 2. JAGab37715 / SR#8606138062: bootpd and bootpquery does not start if a host has more than 10 network interfaces. 3. JAGaa93203 / SR#5003451617 : bootpd overwrites permanent and in-use ARP cache entry. 4. JAGab46322 / SR#8606108426 : If there is no dhcptab file and there is an entry for the client in the bootptab file, then dhcpclient is unable to boot from the dhcp/bootp server. 5. JAGab20819 / SR#5003462960 : When a server puts the lease option at the end of the option list, the lease is ignored and the offer is discarded by the dhcpclient. PHNE_17829: 1. Format error in message that is logged into /var/adm/sw/swagent.log. 2. Incorrect hardware type for a bootptab client causes bootpd to die. 3. Bootpd sends BOOTREPLY even when hlen in BOOTREQUEST is not correct. PHNE_16200: 1. Bootpd dies when receives message with bad hardware type. 2. /etc/dhcpdb file created with incorrect permissions. 3. Bootpd messages filling up syslog.log. 4. Bootpd does not check for parameters. 5. DHCP callback parameters are inconsistent. 6. Bootpd does not create temporary files properly. 7. DHCP server sometimes gives out duplicate addresses and does not renew lease properly. 8. Bootpd manpages does not document minimum acceptable values for lease renewal and rebind times. 9. Bootpd manpage does not show lease renewal and rebind times in percentages. 10. "to=auto" in bootptab returns incorrect offset. PHNE_25355: JAGad76007 / SR 8606206834: Enhancement Request for the implementation of the option negotiation (RFC 2347, RFC 2348 & RFC 2349) in tftp client and server. JAGaa43182 / SR 1653282673: In heavily loaded systems, tftp client aborts intermittently with the error message, "recvfile: sendto: No buffer space available". JAGaa40903 / SR 1653277657: tftp does not timeout properly when remote host belongs to an unreachable network. JAGaa27084 / SR 5003418400: tftp can "get" files of size greater than 32MB, but times out when using "put" command on files of size greater than 32MB. JAGaa26788 / SR 8606227515: tftp does not behave properly in some cases when the client tries to contact the server. Defect Description: PHNE_28828: 1) CR JAGad39987 / SR 8606170723 : Description: As the hostname string was not null terminated, the hostname was not appearing properly in the DHCP packet trace. Resolution: bootpd code has been modified to terminate the hostname string with a null character. 2) CR JAGad39999 / SR 8606170735 : Description: bootpd does not store the reserved IP address. Therefore, the "dhcptools -d" command dumps the default value 0.0.0.0 for the reserved IP address in the /tmp/dhcp.dump.other file. Resolution: The "dhcptools -d" command now dumps the reserved IP address properly. 3) CR JAGad40007 / SR 8606170743 : Description: bootpd does not parse invalid IP address in the /etc/dhcptab file which may lead to improper functioning of bootpd. Resolution: bootpd now parses invalid IP address properly and reports the appropriate error message. 4) CR JAGad40010 / SR 8606170746 : Description: bootpd accepts and incorrectly parses invalid octal numbers containing the invalid digits 8 and 9 in the /etc/dhcptab file which may lead to improper functioning of bootpd. Resolution: bootpd now parses octal addresses properly. 5) CR JAGad39835 / SR 8606170571 : Description: The static buffer size of the dhcpclient is 15 KB and it can accommodate interface details of only 36 LAN interfaces. Therefore, the interface list is truncated when the number of LAN interfaces exceeds 36. The dhcpclient exits when it does not find a specified LAN interface in the interface list. Resolution: The dynamically allocated buffer is now used to store the interface details when the static buffer size of 15 KB is not sufficient. 6) CR JAGad52870 / SR 8606183657 : Description: When a DHCP client sends a duplicate request for lease, bootpd tries to insert the duplicate entry in the internal hash table. When bootpd fails to insert the duplicate entry, it wrongly tries to free the pointer to the static structure instead of the dynamically allocated structure memory pointer, and dies with signal 11. Resolution: bootpd now frees the dynamically allocated structure memory pointer instead of the static structure pointer. 7) CR JAGad91859 / SR 8606222748 : Description: bootpd fills up the syslog file with misplaced and unnecessary bootsize information at LOG_ERR level. Resolution: The unnecessary syslog message for bootsize information has now been removed from bootpd. 8) CR JAGae16142 / SR 8606249756 : Description: bootpd attempts to store the hardware address mask in an improper variable type which results in overflow of the hardware address mask and improper functioning of bootpd. Resolution: bootpd now parses and stores the hardware address mask properly. 9) CR JAGae30333 / SR 8606266080 : Description: bootp dies on Signal 11 under certain circumstances. Resolution: bootpd code has been modified to fix the problem. 10) CR JAGae49090 / SR 8606285149 : Description: bootpd limits the T176 option in the /etc/dhcptab file to 61 characters of data. Resolution: The T176 option can now contain 255 characters of data. 11) CR JAGae49874 / SR 8606285933 : Description: bootpd dynamically allocates memory for certain fields in the host information structure. But, the memory is not freed after the host information is processed. Resolution: bootpd now frees the dynamically allocated memory for individual fields, after processing the host information. 12) CR JAGae50734 / SR 8606286795 : Description: bootpd releases declined leases under certain circumstances. Resolution: Code has been modified to rectify the problem. 13) CR JAGae58206 / SR 8606294509 : Description: bootpd uses the PING functionality to detect duplicate IP addresses before offering an IP address to the DHCP client. Under certain circumstances, bootpd does not handle the PING packets properly. Resolution: A command-line option "-p" has now been provided in bootpd to specify the PING timeout period. The PING reply times out when bootpd does not receive a valid PING reply within the specified timeout period. See bootpd(1m) manpage for details. 14) CR JAGae71679 / SR 8606308645 : Description: During DHCPOFFER, bootpd dynamically allocates memory for the hostname but does not free the memory after processing the hostname. Resolution: bootpd now frees the dynamically allocated memory for the hostname. 15) CR JAGae73843 / SR 8606310985 : Description: When a PXE client receives a class identifier option from the DHCP server, the PXE client tries to boot up using the Proxy DHCP server. In absence of an appropriate Proxy DHCP server, the PXE client fails to boot up. Resolution: A configuration option 'ncid' is now available in the /etc/dhcptab file that instructs bootpd to drop the class identifier option in the reply message. This helps PXE clients to boot up using the normal DHCP server instead of the Proxy DHCP server. 16) CR JAGad25107 / SR 8606155794 : Description: When a request is sent to an alias IP address in a Service-Guard environment, tftpd replies with the primary IP address in the source IP address field. Certain tftp clients reject such a reply. Resolution: A new option "-s" has been added to enable tftpd to function properly in service guard environment. However, inetd.sec feature may not work properly when Service-Guard fix is enabled using "-s" option. 17) CR JAGae09213 / SR 8606241958 : Description: When the "tsize" option is set in a system with large available disk space, tfptd fails with "Option negotiation error" during a "put" operation. Resolution: tftpd now works properly for the "put" operation, with "tsize" option set,in a system with large available disk space. 18) CR JAGae60488 / SR 8606296939: Description: Under certain circumstances, tftpd can cause performance problems. Resolution: The tftpd performance problem has now been rectified. 19) CR JAGae76149 / SR 8606313351 : Description: tftpd does not respond under certain circumstances. Resolution: tftpd now responds properly. 20) CR JAGae80695 / SR 8606318163 : Description: tftpd exits under certain circumstances. Resolution: tftpd now functions properly. 21) CR JAGae89237 / SR 8606326973 : Description: Child tftpd process exits with SIGBUS error under certain circumstances. Resolution: tftpd code has been modified to fix the problem and to send a negative acknowledgement to the client. PHNE_19241: 1. JAGaa26728 / SR#5003329854 : dhcptools was not working in standalone mode as a variable was being set before the socket descriptor was assigned any value. Resolution: The variable setting is done after the socket descriptor has been assigned a value. 2. JAGab37715 / SR#8606138062 : bootpd and bootpquery does not start if the host has more than 10 network interfaces because the limit was set to 10. Resolution: SMALL NUMBER OF INTERFACES limit has been increased from 10 to 32 and if the number of network interfaces in a host exceeds 32, the limit is switched to LARGE NUMBER OF INTERFACES which is 2000. 3. JAGaa93203 / SR#5003451617 : bootpd was blindly overwriting the ARP cache entry without checking if it was a permanent and in-use entry. Resolution: The ARP cache entry is checked to see whether it is permanent and in-use. If it is so, it is not overwritten. 4. JAGab46322 / SR#8606108426 : If there is no dhcptab file and there is an entry for the client in the bootptab file, bootpd was reallocating minimum lease period of 60 seconds to bootp client which was already allocated infinite lease. HP-UX dhcpclient rejects lease period less than 120 seconds. Resolution: bootpd has now been prevented from reallocating lease to bootp clients, which had already been given infinite lease. 5. JAGab20819 / SR#5003462960 : Option list in the offer was not being processed properly by dhcpclient which lead to absence of lease tag in the option list and rejection of offer by the dhcpclient. Resolution: The handling of the option string by dhcpclient was modified to correct the problem. PHNE_17829: 1. The message logged to the /var/adm/sw/swagent.log file was not formatted. 2. The BOOTREQUEST message was not checked for correct htype value before processing the message. 3. The BOOTREQUEST message was not checked for correct hlen value before processing the message. Resolution: 1. The formatted message is logged into the swagent.log. 2. Bootpd validates the BOOTREQUEST message and does not reply if the message has incorrect htype value. 3. Bootpd checks for the correct hlen value in BOOTREQUEST message and does not reply if it is incorrect. PHNE_16200: 1. Bootpd dies when receives message with bad hardware type. 2. Bad umask when creating /etc/dhcpdb. 3. BOOTPD messages filling up syslog.log. 4. Bootpd does not check for parameters. 5. ER: make DHCP callback parameters consistent. 6. Bootpd does not create temporary files properly. 7. DHCP returning duplicate IP addresses. NOT RENEWING LEASES. 8. Bootpd manpages does not document minimum acceptable values for lease renewal and rebind times. 9. Bootpd manpage does not show lease renewal and rebind times in percentages. 10. DHCP returns a 0 time offset if "to=auto" is used in bootptab. PHNE_25355: JAGad76007 / SR 8606206834: Enhancement Request for the implementation of the option negotiation (RFC 2347, RFC 2348 & RFC 2349) in tftp client and server. Resolution: tftp( client & server) code has been modified to implement the tsize, blksize and timeout options as per the above-specified RFCs. JAGaa43182 / SR 1653282673: In heavily loaded systems, tftp client aborts intermittently, as it does not check the error condition ENOBUFS. Resolution: The code has been modified to check the error condition ENOBUFS. JAGaa40903 / SR 1653277657: tftp does not count ENETUNREACH in it's timeout counter. Resolution: tftp client now times out properly when remote host belongs to an unreachable network. JAGaa27084 / SR 5003418400: The "put" command in tftp was failing for files of size greater than 32MB, as the block number counter was not handled properly. Resolution: The tftp code has been modified to handle the block number counter properly. JAGaa26788 / SR 8606227515: tftp does not behave properly in some cases when the client tries to contact the server. Resolution: The tftp code has been modified to resolve this problem. Enhancement: No (superseded patches contained enhancements) PHNE_25355: CR JAGad76007 / SR 8606206834 - This is an enhancement to support option negotiation (RFC 2347, RFC 2348 and RFC 2349) in tftp client and server. SR: 5003329854 8606138062 5003451617 8606108426 5003462960 8606336696 4701415463 4701422261 5003443697 5003435206 8606336695 8606336694 8606336680 8606336693 5003401000 5003391193 5003390955 5003330167 8606206834 1653282673 1653277657 5003418400 8606227515 8606170723 8606170735 8606170743 8606170746 8606170571 8606183657 8606222748 8606249756 8606266080 8606285149 8606285933 8606286795 8606294509 8606308645 8606310985 8606155794 8606241958 8606296939 8606313351 8606318163 8606326973 Patch Files: InternetSrvcs.INETSVCS-BOOT,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/lbin/tftpd /usr/bin/tftp /usr/share/doc/tftp_ER.txt /usr/lbin/bootpd /usr/lbin/dhcpclient /usr/sbin/bootpquery /usr/sbin/dhcptools /usr/lib/libdhcp.1 /usr/newconfig/etc/dhcptab InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/share/man/man1.Z/tftp.1 /usr/share/man/man1m.Z/tftpd.1m /usr/share/man/man1m.Z/bootpd.1m InternetSrvcs.INETSVCS-INC,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/include/arpa/tftp.h what(1) Output: InternetSrvcs.INETSVCS-BOOT,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/lbin/bootpd: Copyright (c) 1995-7 by Hewlett-Packard bootpd.c: $Revision: 1.34.214.7 $ $Date: 99/01/20 01 :41:29 $ build_offer.c: $Revision: 1.6.214.7 $ $Date: 03/05/2 8 12:29:11 $ readfile.c experimental: $Revision: 1.12.214.6 $ $Da te: 98/09/23 04:27:34 $ bootpd 2.4 PHNE_28828 #1.17.213.4: Fri Oct 3 09:20: 46 GMT 2003 Copyright (c) 1988 by Carnegie Mellon /usr/lbin/dhcpclient: ci.c: $Revision: 1.3.214.2 $ $GR patch PHNE_28828 $ $Date: 2003/10/01 23:54:08 $ /usr/sbin/bootpquery: $Revision: 1.14.214.2 $ $Date: 98/08/10 04:33:07 $ /usr/sbin/dhcptools: None /usr/lib/libdhcp.1: None /usr/lbin/tftpd: Copyright (c) 1983 Regents of the University of Cali fornia. tftpd.c $Revision: 1.14.214.4 (GR patch PHNE_28828) $ $Date: 07/16/2003 03:28:46 $ tftpd.c 5.8 (Berkeley) 6/18/88 tftpsubs.c $Revision: 1.4.214.1 $ $Date: 96/10/08 13 :38:21 $ tftpsubs.c 5.4 (Berkeley) 6/29/88 /usr/bin/tftp: Copyright (c) 1983 Regents of the University of Cali fornia. main.c $Revision: 1.9.214.2(PHNE_25355) $ $Date: 96/ 10/10 14:44:03 $ main.c 5.8 (Berkeley) 10/11/88 tftp.c $Revision: 1.7.214.4 $ $Date: 99/02/24 21:34: 23 $ tftp.c 5.7 (Berkeley) 6/29/88 tftpsubs.c $Revision: 1.4.214.1 $ $Date: 96/10/08 13 :38:12 $ tftpsubs.c 5.4 (Berkeley) 6/29/88 /usr/share/doc/tftp_ER.txt: None /usr/newconfig/etc/dhcptab: dhcptab $Revision: 1.1.214.1 $ $Date: 96/10/08 12:46 :53 $ InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/share/man/man1m.Z/bootpd.1m: None /usr/share/man/man1.Z/tftp.1: None /usr/share/man/man1m.Z/tftpd.1m: None InternetSrvcs.INETSVCS-INC,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/include/arpa/tftp.h: tftp.h 5.2 (Berkeley) 6/27/88 $Revision: 1.4.214.2 $ cksum(1) Output: InternetSrvcs.INETSVCS-BOOT,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: 359542862 176128 /usr/lbin/bootpd 2201079351 86016 /usr/lbin/dhcpclient 855164132 28672 /usr/sbin/bootpquery 933501079 65536 /usr/sbin/dhcptools 2518998039 73728 /usr/lib/libdhcp.1 3087709414 40960 /usr/lbin/tftpd 4159170979 40960 /usr/bin/tftp 1852977291 4402 /usr/share/doc/tftp_ER.txt 3775382063 13236 /usr/newconfig/etc/dhcptab InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: 772789309 18922 /usr/share/man/man1m.Z/bootpd.1m 1168178941 2764 /usr/share/man/man1.Z/tftp.1 399331094 4033 /usr/share/man/man1m.Z/tftpd.1m InternetSrvcs.INETSVCS-INC,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: 1220417575 2212 /usr/include/arpa/tftp.h Patch Conflicts: None Patch Dependencies: s700: 11.00: PHNE_26771 s800: 11.00: PHNE_26771 Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_25355 PHNE_16200 PHNE_17829 PHNE_19241 Equivalent Patches: None Patch Package Size: 310 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_28828 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHNE_28828.depot By default swinstall will archive the original software in /var/adm/sw/save/PHNE_28828. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHNE_28828.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHNE_28828.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_28828.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: 1)This patch stops bootpd, but it does not restart after patch installation, since it is usually invoked by inetd. Therefore, if bootpd is running in standalone mode (started manually), customers are advised to manually restart bootpd after the patch installation. 2)As this patch does not stop the dhcpclient, customers are advised to manually restart the dhcpclient to activate the patched binary. 3)To enable the tftpd service guard fix(JAGad25107), add the "-s" option to the tftp entry in the "/etc/inetd.conf" file as specified below: tftp dgram udp wait root /usr/lbin/tftpd tftpd -s Then, reconfigure inetd using the "inetd -c" command. The transport patch PHNE_26771 must be installed for proper functioning of the tftpd service guard fix.