Patch Name: PHNE_22159

Patch Description: s700_800 11.0 telnet kernel and  telnetd(1M) patch.

Creation Date: 01/02/27

Post Date: 01/03/05

Hardware Platforms - OS Releases:
	s700: 11.00
	s800: 11.00

Products: N/A

Filesets:
	Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP
	Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP
	InternetSrvcs.INETSVCS-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	OS-Core.CORE-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	ProgSupport.C-INC,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP

Automatic Reboot?: Yes

Status: General Release

Critical:
	Yes
	PHNE_22159: HANG MEMORY_LEAK
		Memory leak in telnetd
	PHNE_21952: HANG
		Memory leak in telnetd
	PHNE_20936: PANIC
		If minor number exceeds boundary value system
		panics.
	PHNE_16546: PANIC
		While rebooting the system, telnet caused a panic.
	PHNE_14957: PANIC
		1. There was occasional system panics due to
		telnetd.
	PHNE_14818: PANIC
		System panics with a data page fault.
	PHNE_14424: HANG
		1. The telnet sub system is completely unusable.

Category Tags:
	defect_repair enhancement general_release critical panic
	halts_system memory_leak

Path Name: /hp-ux_patches/s700_800/11.X/PHNE_22159

Symptoms:
	PHNE_22159:
	SR 8606182980 / CR JAGad52196
	1. telnetd does not close connection if stty 0 is given.

	SR 8606176054 / CR JAGad45294
	2. Memory leak as telnetd does not manage telnet queues
	   properly.

	SR 8606157405 / CR JAGad26736
	3. telnet daemon sets the pty speed to 0 if the telnet
	   client speed is > 38400

	SR 8606114446 / CR JAGac29210
	4. telnet hangs with "Reflection", a terminal emulation
	   software used by Windows telnet client.

	SR 1653304360 / CR JAGab16743
	5. Single byte write to DTC over telnet degraded by 10.20
	   to 11.0 update

	PHNE_21952:
	SR 8606145850 / JAGad15186:
	1. Memory leak in telnetd.

	PHNE_21822:
	SR 8606140594 / JAGad09955:
	1. Telnetd connection fails intermittently with a message
	   in syslog which says "Baud Rate set to 0, connection
	   closed"

	SR 8606126240 / JAGac56805:
	2. Intermittent telnetd connection failure due to unflushed
	   pty

	CR JAGab21120:
	3. When a system is cold installed with May 1999 Extension
	   Pack(9905) and later removed, telnet stops functioning.

	PHNE_20936:
	SR 8606134274 /  CR JAGab75328:
	1. telnetd does not close connection if stty 0 is given.

	SR 8606134275 / CR JAGab70058:
	2. 11.0 telnetd: TELS/TELM driver code needs to
	   include flow-control checks.

	SR 8606134276 / CR JAGab53771:
	3. panic in telnets_open when minor number passed
	   is beyond nstrtel value.

	SR 8606134273 / CR JAGab50706:
	4. Memory leak in telnet streams module.

	PHNE_19298:
	1. Inetd gives the error message "telnet/tcp:bind:Address
	   already in use".
	2. No help to generate telnet pty files.

	PHNE_18527:
	1. Misaligned error messages in log files while installing
	   the telnetd patch PHNE_14957.
	2. Bad system call in the postinstall script.
	3. Backup directory should not be created under /dev/pts.
	4. Backup directory should not be removed if not empty.

	PHNE_16546:
	1. At hp-ux 11.0 telnet connections hang in connection
	   phase.
	2. While rebooting a system, there was a panic due to
	   telnet.

	PHNE_14957:
	1. utmp file format limits number of telnet login sessions
	   to 1000.
	2. Telnet should detect that the pseudo drivers telm and
	   tels are not in kernel.
	3. telnetd displays login prompt before system id string.
	4. At 11.0 there was a panic due to telnetd.

	PHNE_14819:
	1. Sending a block of data over telnet connection
	   causes it to close

	PHNE_14818:
	1. Telnet causes system panic in putbq telnet_route_data
	   on a 11.0 system.
	2. memory leak in telnet.

	PHNE_14424:
	1.inetd failed to fork telnetd with the error,
	"telnet/tcp: bind: Address already in use".

Defect Description:
	PHNE_22159:
	SR 8606182980 / CR JAGad52916
	1. Setting stty 0 results in zero byte msgblk which was
	   ignored.
	Resolution:
	   stty 0 results in zero byte msgblk which is now processed
	   to close the telnet connection.

	SR 8606176054 / CR JAGad45294
	2. If the connection is closed while telnet is doing option
	   negotiation, memory is not freed.
	Resolution:
	   Code has been modified to free memory whenever connection
	   is closed.

	SR 8606157405 / CR JAGad26736
	3. If  any telnet client requests for baud rate > 38400,
	   the telnet daemon resets the value.
	Resolution:
	   If any request for Baud rate arrives, which is greater
	   than the maximum, i.e 38400, then the telnet daemon
	   resets the Baud rate value to the lowest value instead
	   of setting it to zero.

	SR 8606114446 / CR JAGac29210
	4. While displaying quite  large files using "Reflection",
	   a terminal emulation software, the application hangs.
	Resolution:
	   Flow control has been properly enabled which solved
	   this problem.

	SR 1653304360 / CR JAGab16743
	5. With TCP_NODELAY option, single byte packets from telnetd
	   clogged the network.
	Resolution:
	   Buffering is implemented in telnetd so that it no more
	   writes single byte packets to the network.

	PHNE_21952:
	SR 8606145850 / JAGad15186:
	1. Memory chunks are not freed when telnet exits.
	Resolution:
	   Steps have been taken to free unwanted memory and the
	   code has been modified accordingly.

	PHNE_21822:
	SR 8606140594 / JAGad09955:
	1. Telnetd connections occasionally get closed. This problem
	   is found in patch PHNE_20936 where the fix for 8606140594
	   generates this wrong behaviour. The fix for 8606140594
	   has been removed in this patch.
	Resolution:
	   The fix for 8606140594 has been removed and the problem
	   is avoided.

	SR 8606126240 / JAGac56805:
	2. Telnetd connections intermittently failed because it
	   ended up using an active pty instead of procuring a
	   free pty.
	Resolution:
	   The root cause was because of persistent links in the
	   streams. Telnetd creates only non-persistent links now
	   and thereby solves the problem of ending up using
	   same pty across different connections.

	CR JAGab21120:
	3. When May 1999 Extension Pack(9905) is cold installed and
	   later removed, telnetd looks for old device files and
	   since those files are not present, telnetd ceases to
	   work.
	Resolution:
	   We are providing a warning in the patch script alerting
	   the user to run /sbin/insf manually to regenerate the
	   device files if for any reason the script fails to do
	   so and thereby avoids potential problems that could
	   arise because of old file names versus new file names.

	PHNE_20936:
	1. Setting stty 0 results in zero byte msgblk which was
	   ignored.
	Resolution:
	   stty 0 results in zero byte msgblk which is now processed
	   to close the telnet connection.

	2. TELS/TELM code needed flow control checks.
	Resolution:
	   Flow control related checks have been introduced.

	3. If minor number exceeds boundary value, system panics.
	Resolution:
	   Boundary check for minor number values  is introduced.

	4. telnet streams module fails to free some memory.
	Resolution:
	   Code has been modified to free unwanted allocated memory
	   chunks.

	PHNE_19298:
	1. As telnetd was exiting without unlinking the persistent
	   links, inetd was unable to spawn telnetd and
	   it displayed the error message.
	Resolution:
	   The code has been modified so that telnetd unlinks all
	   the persistent links before exiting.

	2. Patch scripts do not provide enough information to
	   create telnet pty files.
	Resolution:
	   The postremove script has been modified to include
	   details for generating telnet pty files.

	PHNE_18527:
	1. Error messages from the control scripts of PHNE_14957
	   were not properly aligned in the log files.
	Resolution:
	   The scripts have been modified to properly align the
	   error messages in the log files by ensuring that the
	   messages begin from tenth column.

	2. postinstall script was running insf command which is
	   not encouraged.
	Resolution:
	   insf command should be run to create telnet tty files.
	   This command should not be run from the postinstall
	   script but should be done from configure script because
	   in an OS update scenario this can result in core dump.

	3. Patch script creates a backup directory to save the
	   existing telnet tty files which should not be done
	   in /dev/pts.
	Resolution:
	   The backup directory is not created anymore under
	   /dev/pts. The directory is created now under /var/adm/sw.

	4. Patch script removes the backup directory though it was
	   not empty.
	Resolution:
	   The backup directory is no more removed if it has any
	   files or directories entries.

	PHNE_16546:
	1. telnet sessions to a hp-ux 11.0 m/c hang occassionaly.
	2. While rebooting a system, there was a panic due to
	   telnet.

	PHNE_14957:
	1. The number of telnet login sessions were limited to
	   1000 as the member ut_line of utmp structure allowed
	   for device names only 4 characters long.

	2. Telnet was detecting the absence of the pseudo device
	   drivers telm and tels, but displayed a message  which
	   was not clear.

	3. telnetd displays login prompt before system id string.

	4. At 11.0 there was a panic due to telnetd.

	PHNE_14819:
	1. When a block of data is sent the getmsg() returns a
	   M_STARTI message. This condition was not handled in
	   telnetd.

	PHNE_14818:
	1. System panics when telnet tries to put null data on to
	   the queue.
	2. Nullifying the message without freeing mp->b_cont causes
	   memory leak.

	PHNE_14424:
	1.The streams  modules were not properly  unlinked when
	  telnetd exited.

SR:
	8606182980 8606176054 8606157405 8606114446 1653304360
	8606145850 8606140594 8606126240 8606134274 8606134275
	8606134276 8606134273 5003432294 1653257162 5003454538
	4701425793 4701425785 1653248013 5003441964 5003413112

Patch Files:
	
	Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP:
	/usr/conf/lib/libtelnet.a

	Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP:
	/usr/conf/lib/libtelnet.a

	InternetSrvcs.INETSVCS-RUN,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lbin/telnetd

	OS-Core.CORE-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/conf/h/nvs.h

	ProgSupport.C-INC,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/include/sys/nvs.h

	InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/share/man/man1m.Z/telnetd.1m

what(1) Output:
	
	Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP:
	/usr/conf/lib/libtelnet.a:
		str_telnet.c: PHNE_22159
		str_telnet.c $Revision: 1.2.118.6 $ $Date: 2000/06/0
			8 10:12:57 $

	Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP:
	/usr/conf/lib/libtelnet.a:
		str_telnet.c: PHNE_22159
		str_telnet.c $Revision: 1.2.118.6 $ $Date: 2000/06/0
			8 10:12:57 $

	InternetSrvcs.INETSVCS-RUN,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lbin/telnetd:
		Copyright (c) 1983, 1986 Regents of the University o
			f California.
		Patch ID: PHNE_22159
		telnetd.c $Revision: 1.29.214.16 $ $Date: 2000/06/08
			 23:40:02 $
		telnetd.c       5.31 (Berkeley) 2/23/89
		authenc.c       8.1 (Berkeley) 6/4/93

	OS-Core.CORE-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/conf/h/nvs.h:
		nvs.h: $Revision: 1.4.105.2 $ $Date: 97/04/26 13:50:
			52 $

	ProgSupport.C-INC,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/include/sys/nvs.h:
		nvs.h: $Revision: 1.4.105.2 $ $Date: 97/04/26 13:50:
			52 $

	InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/share/man/man1m.Z/telnetd.1m:
		None

cksum(1) Output:
	
	Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP:
	1106884421 33276 /usr/conf/lib/libtelnet.a

	Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP:
	3704171952 68302 /usr/conf/lib/libtelnet.a

	InternetSrvcs.INETSVCS-RUN,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	191398881 86016 /usr/lbin/telnetd

	OS-Core.CORE-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	1064391964 2512 /usr/conf/h/nvs.h

	ProgSupport.C-INC,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	1064391964 2512 /usr/include/sys/nvs.h

	InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	1026613243 8868 /usr/share/man/man1m.Z/telnetd.1m

Patch Conflicts: None

Patch Dependencies:
	s700: 11.00: PHCO_17090 PHCO_17622
	s800: 11.00: PHCO_17090 PHCO_17622

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
	PHNE_14424 PHNE_14818 PHNE_14819 PHNE_14957 PHNE_16546 PHNE_18527
	PHNE_19298 PHNE_20936 PHNE_21822 PHNE_21952

Equivalent Patches: None

Patch Package Size: 00 KBytes

Installation Instructions:
	Please review all instructions and the Hewlett-Packard
	SupportLine User Guide or your Hewlett-Packard support terms
	and conditions for precautions, scope of license,
	restrictions, and, limitation of liability and warranties,
	before installing this patch.
	------------------------------------------------------------
	1. Back up your system before installing a patch.

	2. Login as root.

	3. Copy the patch to the /tmp directory.

	4. Move to the /tmp directory and unshar the patch:

		cd /tmp
		sh PHNE_22159

	5. Run swinstall to install the patch:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -s /tmp/PHNE_22159.depot

	By default swinstall will archive the original software in 
	/var/adm/sw/save/PHNE_22159.  If you do not wish to retain a
	copy of the original software, use the patch_save_files option:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -x patch_save_files=false -s /tmp/PHNE_22159.depot

	WARNING: If patch_save_files is false when a patch is installed,
		 the patch cannot be deinstalled.  Please be careful
		 when using this feature.

	For future reference, the contents of the PHNE_22159.text file is 
	available in the product readme:

		swlist -l product -a readme -d @ /tmp/PHNE_22159.depot

	To put this patch on a magnetic tape and install from the
	tape drive, use the command:

		dd if=/tmp/PHNE_22159.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
	The  'insf'  patch   PHCO_17090 (or its superseding
	patch if any)   MUST  be installed   prior  to  the
	installation of this telnetd patch, for this patch
	to work.

	Please note, after installation of PHNE_14957 the
	naming convention for /dev/pts/t* changes from
	/dev/pts/tnumber to /dev/pts/tcharacter to allow
	creation of more than 1000 telnet device files.
	Consequently the first telnetd device file is
	renamed from /dev/pts/t0 to /dev/pts/ta.

	NOTE:
	  For getting more user  logins, the kernel  configuration
	  parameter 'nstrtel'  needs to be modified to the  desired
	  number and rebuild the kernel. Ensure  that the extra
	  telnet pseudo ttys are created by doing 'insf -d tels'.

	
	On trusted systems, the telnetd patch  has a dependency
	on the libsec patch PHCO_17622( or later) also  apart from
	the insf patch PHCO_17090 (or later).

	Thus, on trusted systems before installing the telnetd
	patch, please ensure that the libsec patch PHCO_17622
	(or later) and the insf patch PHCO_17090 (or later)
	are installed to generate device file names similar to
	telnetd.

	Please note that the  dependency on PHCO_17622 ( or later )
	is applicable only for trusted systems.

