Patch Name: PHCO_8763

Patch Description: s700_800 10.10 libc cumulative patch

Creation Date: 96/09/30

Post Date: 96/10/01

Hardware Platforms - OS Releases:
    s700: 10.10
    s800: 10.10

Products: N/A

Filesets:
    OS-Core.C-MIN
    OS-Core.CORE-SHLIBS
    ProgSupport.PROG-MIN
    ProgSupport.PROG-AUX
    OS-Core.UX-CORE

Automatic Reboot?: No

Status: General Superseded

Critical:
    Yes
    PHCO_8763: CORRUPTION

Path Name: /hp-ux_patches/s700_800/10.X/PHCO_8763

Symptoms:
    PHCO_8763:
    Random truncation of strings with strcat due to fix attempted
    in PHCO_8369.

    PHCO_8369:
    Significant performance degradation of regular expression
    processing in 10.X compared to 9.x. Affects awk, grep, sed,
    etc.

    The readdir() call may inadvertently call a user-defined
    routine.

    getcwd returns EINVAL when a negative buflen is passed in.

    memchr tries to read beyond end of valid memory when char is
    not found in the string and may core dump.

    Sometimes strcat would attempt to access an unmapped page of
    memory.

    - The group permissions of the parent directory of the home
      directory do not have to be set for "all" for the ".rhosts"
      check to succeed. The "rhosts" check changes the effective
      group id to the real group id before opening ".rhosts" file.
    - ruserok() did not properly parse the username in
      hosts.equiv.

    PHCO_7799:
    Runtime message catalog functions only support 255 message
    groups.

    When customer runs command: setprivgrp -g LOCKRDONLY, the NIS
    system hangs.

    regexec does not find pattern "(a*|b)c" in input "c".

    Call to setlocale() caused LC_ALL string to become corrupt.

    If the ndots resolver option is configured in
    /etc/resolv.conf and res_init() is directly or indirectly
    called, a memory leak will occur. Applications using
    gethost*() APIs or directly using resolver APIs (res_*()) in
    a DNS environment are open to this problem.

    "$^" with REG_NEWLINE matches all lines, not just empty.

    PHCO_6809:
    Undocumented behavior for strncpy was missing.

    qsort performs very badly on sorted blocks of data - customer
    found that qsort on a file with 100,000 randomly sorted
    records took seconds, whereas a file of 100,000 records
    containing large sorted blocks took over an hour to sort.

    Under certain circumstances, a regcomp(3) memory leak causes
    an Uninitialized Memory Read from within regfree(3).

    On 10.10 a call to fileno() with a NULL parameter simply
    returns NULL - that is until you have linked in libdce.sl
    which enables the thread safe version of fileno which core
    dumps when passed a NULL parameter.

    getutent_r, getutid_r, and getutline_r tests core dumped.

    Repeated calls to setlocale(3c) expose a memory leak.

    yp_bind routine doesn't time out, and will try forever if the
    server is not found.

    PHCO_6777:
    Also to fix the return value of sysconf() there are changes
    being made there.

    On 10.10 a call to fileno() with a NULL parameter simply
    returns NULL - that is until you have linked in libdce.sl
    which enables the thread safe version of fileno which core
    dumps when passed a NULL parameter.

    PHCO_6596:
    Under some circumstances registers were not being properly
    saved prior to calling signal handlers.

    setcontext() occasionally returns 100 to indicate success.
    Changed to always return 0 for success as required by
    Standards.

    Multiple calls to gettxt() would result in a "too many open
    files" error.

    telldir() returns an incorrect offset zero for the end of
    directory record.

    strptime(3c) does not return the correct information for
    12:xx am.

    Includes change to getpwent.c in function matchname() so that
    it returns 1 instead of 0 if it finds the name under the MINUS
    section. Also includes change to getgrent.c so that interpret
    will stop processing if it finds a MINUS as part of the name.

Defect Description:
    PHCO_8763:
    The fix for strcat's page boundary problem caused truncation
    of some strings.

    PHCO_8369:
    Poor performance of 10.X regular expression processing in
    comparison to 9.x.

    The readdir() call failed to call the primary definition of a
    public routine.

    According to X/Open, getcwd takes a second argument of type
    size_t and returns EINVAL only when the second argument is 0.

    memchr tries to read beyond end of valid memory when char is
    not found in the string and may core dump.

    The strcat call didn't handle an optimized pre-fetching
    strategy properly, causing the read of bytes belonging to
    unmapped pages.

    1. The "rhosts" check fails if the parent directory of the
       user's home directory does not have the right group
       permissions. Consider the case where the parent directory
       has permissions "710".

           /home         - permissions rwx--x---
           /home/student - permissions rwx------

       - The directories home and student belong to the same
         group. The "rhosts" check fails when a remote user tries
         to login as "student".
       - This is because the ruserok() routine does not change
         the effective group id to the real group id before
         opening ".rhosts" file.

    2. Usernames in the hosts.equiv file are improperly parsed.
       - The ruserok() code now exhibits the expected and
         documented behavior.

    PHCO_7799:
    Add runtime support for message sets 256 thru 1023.

    Problem is in yp_bind.c. The second function call to flock()
    has a syntax error in the parameter list. The first call to
    flock() is correct. When this command is given the second
    function call to flock() is in code which is only invoked
    when Talk2_binder() is called. Then it hangs.

    Fix pmap array needed to be set true for alternation case
    when isfirst set to 0, since it was getting lost on next
    expression for case of
        echo c | grep -E '(a*|b)c'

    A previous fix for a setlocale() memory leak releases storage
    for LC_ALL string before it is appropriate. The
    implementation has been changed to use an internal static
    buffer.

    res_init() leads to the processing of the ndots option. In
    processing the ndots value a routine was called that could
    generate a recursive loop back to res_init().
    During the recursive loop a memory leak would be generated.
    The code has been redesigned to avoid this loop condition.

    "$^" with REG_NEWLINE matches all lines, not just empty,
    caused by incorrect fix for DSDe427572.

    PHCO_6809:
    Added support back for an undocumented strncpy behavior which
    had been previously removed for performance reasons.

    qsort needed to pick an alternate pivot point when detecting
    sorted or partially sorted data in order to improve poor
    performance.

    When regcomp(3) returns the following error:
        ?, *, or + not preceded by valid regular expression
    the regex_t structure argument has already had memory
    allocated to it, resulting in a memory leak. If regfree(3) is
    called in this case, the result is an Uninitialized Memory
    Read from within regfree.

    The thread-safe version of fileno() is trying to dereference
    a NULL pointer.

    endutent_r() and endutxent_r() assumed that a key had been
    created. This assumption is not valid, and checks have been
    put in to determine what action to take.

    Repeated calls to setlocale(3c) expose a memory leak.

    yp_bind was changed to retry 4 times, then timeout and quit
    if no success.

    PHCO_6777:
    Bug in sysconf().

    The thread-safe version of fileno() is trying to dereference
    a NULL pointer.

    PHCO_6596:
    Multiple calls to gettxt() would result in a "too many open
    files" error.

    telldir() returns an incorrect offset zero for the end of
    directory record.

    strptime(3c) does not return the correct information for
    12:xx am.

    Includes change to getpwent.c in function matchname() so that
    it returns 1 instead of 0 if it finds the name under the MINUS
    section. Also includes change to getgrent.c so that interpret
    will stop processing if it finds a MINUS as part of the name.

SR:
    1653159293 5003294843 5003291716 5003290056 5003320648
    1653174425 4701309294 1653155929 1653169615

Patch Files:
    /usr/lib/libc.a
    /usr/lib/libp/libc.a
    /usr/lib/libpicc.a
    /usr/lib/libc.1
    /usr/lib/.unix95/context.o

what(1) Output:
    /usr/lib/libc.a:
        PATCH/10_10 PHCO_8763 $Revision: 76.162.1.14.1.15 $
    /usr/lib/libp/libc.a:
        PATCH/10_10 PHCO_8763 $Revision: 76.162.1.14.1.15 $
    /usr/lib/libpicc.a:
        PATCH/10_10 PHCO_8763 $Revision: 76.162.1.14.1.15 $
    /usr/lib/libc.1:
        PATCH/10_10 PHCO_8763 $Revision: 76.162.1.14.1.15 $
    /usr/lib/.unix95/context.o:
        None

cksum(1) Output:
    1419729684 2277120 /usr/lib/libc.a
    1380514964 2496154 /usr/lib/libp/libc.a
    105887816 2388788 /usr/lib/libpicc.a
    3313983794 1712128 /usr/lib/libc.1
    2768583517 1356 /usr/lib/.unix95/context.o

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHCO_6596 PHCO_6777 PHCO_6809 PHCO_7799 PHCO_8369

Equivalent Patches: None

Patch Package Size: 8730 Kbytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

           cd /tmp
           sh PHCO_8763

    5a. For a standalone system, run swinstall to install the
        patch:

           swinstall -x autoreboot=true -x match_target=true \
               -s /tmp/PHCO_8763.depot

    5b. For a homogeneous NFS Diskless cluster run swcluster on
        the server to install the patch on the server and the
        clients:

           swcluster -i -b

        This will invoke swcluster in the interactive mode and
        force all clients to be shut down.

        WARNING: All cluster clients must be shut down prior to
        the patch installation.
        Installing the patch while the clients are booted is
        unsupported and can lead to serious problems.

        The swcluster command will invoke an swinstall session in
        which you must specify:

           alternate root path - default is /export/shared_root/OS_700
           source depot path   - /tmp/PHCO_8763.depot

        To complete the installation, select the patch by choosing
        "Actions -> Match What Target Has" and then
        "Actions -> Install" from the Menubar.

    5c. For a heterogeneous NFS Diskless cluster:
        - run swinstall on the server as in step 5a to install
          the patch on the cluster server.
        - run swcluster on the server as in step 5b to install
          the patch on the cluster clients.

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHCO_8763. If you do not wish to retain a
    copy of the original software, you can create an empty file
    named /var/adm/sw/patch/PATCH_NOSAVE.

    Warning: If this file exists when a patch is installed, the
    patch cannot be deinstalled. Please be careful when using
    this feature.

    It is recommended that you move the PHCO_8763.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

           dd if=/tmp/PHCO_8763.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None
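
Added example, not part of HP's patch text: a POSIX sh check that compares installed files against the "cksum(1) Output" field above, optionally under an alternate root such as the one swcluster asks for. The function names and the --check argument are assumptions of this example; cksum(1) is a CRC, so it catches a wrong or damaged file rather than deliberate tampering.

```sh
#!/bin/sh
# Added example (not HP tooling): check files against a cksum(1) manifest.

# Manifest copied from the "cksum(1) Output" field of this patch text.
phco_8763_manifest() {
cat <<'EOF'
1419729684 2277120 /usr/lib/libc.a
1380514964 2496154 /usr/lib/libp/libc.a
105887816 2388788 /usr/lib/libpicc.a
3313983794 1712128 /usr/lib/libc.1
2768583517 1356 /usr/lib/.unix95/context.o
EOF
}

# verify_cksum_manifest [ROOT]   (hypothetical helper name)
# Reads "CRC SIZE PATH" lines on stdin and checks ROOT/PATH for each one.
# Prints one status line per file; returns non-zero if any file is
# missing or does not match both the CRC and the byte count.
verify_cksum_manifest() {
    root=${1:-}
    rc=0
    while read -r want_crc want_size path; do
        [ -n "$path" ] || continue            # skip blank lines
        file=$root$path
        if [ ! -f "$file" ]; then
            printf '%-8s %s\n' MISSING "$path"
            rc=1; continue
        fi
        # Feed the file on stdin so cksum prints only "CRC SIZE".
        set -- $(cksum < "$file")
        if [ "$1" = "$want_crc" ] && [ "$2" = "$want_size" ]; then
            printf '%-8s %s\n' OK "$path"
        else
            printf '%-8s %s (got %s %s, want %s %s)\n' MISMATCH "$path" \
                "$1" "$2" "$want_crc" "$want_size"
            rc=1
        fi
    done
    return $rc
}

# Runs only when asked, e.g.: sh verify.sh --check /export/shared_root/OS_700
if [ "${1:-}" = "--check" ]; then
    phco_8763_manifest | verify_cksum_manifest "${2:-}"
fi
```

With no ROOT argument the paths are checked as listed, which is the standalone case of step 5a.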