Kit Name: VAXRPC02_073.A
Kit Applies To: OpenVMS VAX V7.3
Approximate Kit Size: 10080 blocks
Installation Rating: INSTALL_2
Required Features: COM, DCE and RPC
                   All DCE V3.1-SSB Customers will need to install this Kit
Superseded Kits: VAXRPC01_073
Mandatory Kit Dependencies: None.
Optional Kit Dependencies: None.
VAXRPC02_073.A-DCX_VAXEXE Checksum: 4089539731

=======================================================================
Hewlett-Packard OpenVMS ECO Cover Letter
=======================================================================

ECO NUMBER: VAXRPC02_073
PRODUCT: OpenVMS VAX OPERATING SYSTEM V7.3
UPDATE PRODUCT: OpenVMS VAX OPERATING SYSTEM V7.3

1 KIT NAME:
VAXRPC02_073

2 KIT DESCRIPTION:

2.1 Installation Rating:
INSTALL_2: To be installed by all customers using the following feature(s):
- COM, DCE and RPC
- All DCE V3.1-SSB Customers will need to install this Kit

This installation rating, based upon current CLD information, is provided
to serve as a guide to which customers should apply this remedial kit.
(Reference attached Disclaimer of Warranty and Limitation of Liability
Statement)

2.2 Reboot Requirement:
No reboot is necessary after installation of this kit.

2.3 Version(s) of OpenVMS to which this kit may be applied:
OpenVMS VAX V7.3

2.4 New functionality or new hardware support provided:
Yes.

3 KITS SUPERSEDED BY THIS KIT:
- VAXRPC01_073

4 KIT DEPENDENCIES:

4.1 The following remedial kit(s), or later, must be installed BEFORE
installation of this, or any required kit:
- None.

4.2 In order to receive all the corrections listed in this kit, the
following remedial kits, or later, should also be installed:
- None.

5 FILES PATCHED OR REPLACED:

o [SYSEXE]DCE$ADD_ID.EXE (new image)
  Image Identification Information
    image name: "DCE$ADD_ID"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:43:58.37
    linker identification: "05-13"
    Overall Image Checksum: 2514529343

o [SYSEXE]DCE$DCED.EXE (new image)
  Image Identification Information
    image name: "DCE$DCED"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:57:43.10
    linker identification: "05-13"
    Overall Image Checksum: 2338787270

o [SYSEXE]DCE$ETDEL.EXE (new image)
  Image Identification Information
    image name: "DCE$ETDEL"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:47:06.61
    linker identification: "05-13"
    Overall Image Checksum: 2299366060

o [SYSEXE]DCE$ETDMP.EXE (new image)
  Image Identification Information
    image name: "DCE$ETDMP"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:47:07.88
    linker identification: "05-13"
    Overall Image Checksum: 2863668658

o [SYSEXE]DCE$ETFMT.EXE (new image)
  Image Identification Information
    image name: "DCE$ETFMT"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:47:09.15
    linker identification: "05-13"
    Overall Image Checksum: 3942845207

o [SYSEXE]DCE$ETGET.EXE (new image)
  Image Identification Information
    image name: "DCE$ETGET"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:47:10.39
    linker identification: "05-13"
    Overall Image Checksum: 971195672

o [SYSLIB]DCE$KERNEL.EXE (new image)
  Image Identification Information
    image name: "DCE$KERNEL"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:43:49.36
    linker identification: "05-13"
    Overall Image Checksum: 4036536776

o [SYSLIB]DCE$LIB_SHR.EXE (new image)
  Image Identification Information
    image name: "DCE$LIB_SHR"
    image file identification: "DCE V3.1-031213"
    link date/time: 24-MAY-2004 16:43:55.30
    linker identification: "05-13"
    Overall Image Checksum: 2831455668

o [SYSEXE]DCE$RPCCP.EXE (new image)
  Image Identification Information
    image name: "DCE$RPCCP"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 10:01:00.32
    linker identification: "05-13"
    Overall Image Checksum: 3224056784

o [SYSEXE]DCE$RPCPERF_CLIENT.EXE (new image)
  Image Identification Information
    image name: "DCE$RPCPERF_CLIENT"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 10:03:26.81
    linker identification: "05-13"
    Overall Image Checksum: 1909365260

o [SYSEXE]DCE$RPCPERF_SERVER.EXE (new image)
  Image Identification Information
    image name: "DCE$RPCPERF_SERVER"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 10:04:42.46
    linker identification: "05-13"
    Overall Image Checksum: 4009484303

o [SYSMSG]DCE$RPC_MSG.EXE (new image)
  Image Identification Information
    image name: "DCE$RPC_MSG"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:43:46.45
    linker identification: "05-13"
    Overall Image Checksum: 3748903124

o [SYSLIB]DCE$SOCKSHR_DNET_IV.EXE (new image)
  Image Identification Information
    image name: "DCE$SOCKSHR_DNET_IV"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:46:50.66
    linker identification: "05-13"
    Overall Image Checksum: 2150133978

o [SYSLIB]DCE$SOCKSHR_DNET_OSI.EXE (new image)
  Image Identification Information
    image name: "DCE$SOCKSHR_DNET_OSI"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 10:01:09.50
    linker identification: "05-13"
    Overall Image Checksum: 2908682767

o [SYSLIB]DCE$SOCKSHR_IP.EXE (new image)
  Image Identification Information
    image name: "DCE$SOCKSHR_IP"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:46:56.55
    linker identification: "05-13"
    Overall Image Checksum: 2899654253

o [SYSLIB]DCE$SOCKSHR_TPS.EXE (new image)
  Image Identification Information
    image name: "DCE$SOCKSHR_TPS"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:47:01.58
    linker identification: "05-13"
    Overall Image Checksum: 1336477987

o [SYSLIB]DTSS$SHR.EXE (new image)
  Image Identification Information
    image name: "DTSS$SHR"
    image file identification: "DCE V3.1-031213"
    link date/time: 13-DEC-2003 09:44:05.56
    linker identification: "05-13"
    Overall Image Checksum: 916962496

o [SYSMGR]DCE$RPC_SHUTDOWN.COM (new file)
o [SYSLIB]DCE$RPC_STARTUP.COM (new file)
o [SYSMGR]JPI.COM (new file)

6 PROBLEMS ADDRESSED IN THIS KIT

6.1 New problems addressed in the VAXRPC02_073 kit

6.1.1 SSRT4741 Rev.0 OpenVMS VAX buffer could erroneously be overwritten

6.1.1.1 Problem Description:
Data in a buffer could erroneously be overwritten.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.1.1.2 CLDs, and QARs reporting this problem:

6.1.1.2.1 CLD(s)
None.

6.1.1.2.2 QAR(s)
75-15-1086

6.1.1.3 Problem Analysis:
See problem description

6.1.1.4 Work-arounds:
None.

6.1.2 EBUSY and CMA-F-IN_USE exceptions with multithreaded RPC client

6.1.2.1 Problem Description:
When a multithreaded DCE client that is exchanging RPC calls with separate
servers begins to close down the connections and delete the binding
handles, a condition variable associated with the connection gives an
exception (EBUSY). This leaves all of the other threads waiting for a
mutex lock. The thread that caused the problem also stalls, because the
mutex is a fast mutex and that thread already owns the lock.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.1.2.2 CLDs, and QARs reporting this problem:

6.1.2.2.1 CLD(s)
None.

6.1.2.2.2 QAR(s)
75-15-1078

6.1.2.3 Problem Analysis:
The condition variable being deleted has a waiter (one of the socket
receive routines), which causes the exception. The fix is to introduce the
new function disconnect_pending_for_close(). This function signals the
condition variable, and it is called from rpc_socket_disp_close() before
the call to delete_socket_entry(), which destroys the condition variable.

6.1.2.4 Work-arounds:
None.

6.1.3 Provide an option to have the sockets (created by the RPC runtime)
take the system specified buffer quotas

6.1.3.1 Problem Description:
The sockets created by the RPC runtime do not use the system specified
buffer quotas when setting their buffer quotas. They depend on internally
defined macros that map to a value that is too small. The fix is to
provide a logical, "RPC_DEFAULT_SOCKET", so that the DCE RPC sockets take
the system default read/write buffer quotas.

To make use of the system default socket buffer size values, the logical
"RPC_DEFAULT_SOCKET" needs to be assigned. To restore the original RPC
runtime behavior, the logical needs to be deassigned. When defining or
deassigning the logical, DCE and RPC need to be shut down and restarted
for the changes to take effect:

o DCE
  - Shutdown or clean DCE
        $ @SYS$MANAGER:DCE$SETUP CLEAN
    or
        $ @SYS$MANAGER:DCE$SETUP STOP
    Engineering recommends doing a clean operation. Clean will remove any
    temporary databases and files.
  - Define or deassign the logical RPC_DEFAULT_SOCKET
        $ DEFINE/SYSTEM RPC_DEFAULT_SOCKET 1
    or
        $ DEASSIGN/SYSTEM RPC_DEFAULT_SOCKET
  - Start DCE
        $ @SYS$MANAGER:DCE$SETUP START

o RPC
  - Shutdown RPC
        $ @SYS$MANAGER:DCE$RPC_SHUTDOWN
  - Define or deassign the logical RPC_DEFAULT_SOCKET
        $ DEFINE/SYSTEM RPC_DEFAULT_SOCKET 1
    or
        $ DEASSIGN/SYSTEM RPC_DEFAULT_SOCKET
  - Start RPC
        $ @SYS$MANAGER:DCE$RPC_STARTUP

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.1.3.2 CLDs, and QARs reporting this problem:

6.1.3.2.1 CLD(s)
CFS.103193,70-23-223

6.1.3.2.2 QAR(s)
None.

6.1.3.3 Problem Analysis:
See Problem Description

6.1.3.4 Work-arounds:
None.

6.2 Problems addressed in the VAXRPC01_073 kit

6.2.1 Tickets Fail to Re-authenticate

6.2.1.1 Problem Description:
Under a specific condition, the security tickets for SELF credentials
failed to re-authenticate automatically when they expired. The "klist-ef"
command displays expired tickets for the machine's SELF principal.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.1.2 CLDs, and QARs reporting this problem:

6.2.1.2.1 CLD(s)
CFS.93308/70-23-95

6.2.1.2.2 QAR(s)
None.

6.2.1.3 Problem Analysis:
The problem was observed when an already locked mutex was never unlocked.
This mutex would eventually be required by the thread that is responsible
for the ticket refresh operation, which would never acquire the lock. The
condition is now handled so that the mutex is unlocked properly.

6.2.1.4 Work-arounds:
None.

6.2.2 DCE File Protections

6.2.2.1 Problem Description:
The DCE specific preauthentication files in
DCE$LOCAL:[VAR.SECURITY.PREAUTH] have been assigned an invalid file
ownership.

Images Affected:
- [SYSEXE]DCE$DCED.EXE
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.2.2 CLDs, and QARs reporting this problem:

6.2.2.2.1 CLD(s)
CFS.98356/70-23-154

6.2.2.2.2 QAR(s)
None.

6.2.2.3 Problem Analysis:
Short-lived files are created in the dce$local:[var.security.preauth]
directory to hold the preauthentication data that the DCE login process
obtains from the security client daemon (dce$dced). Wrong or invalid
ownerships were being assigned to these files. The solution is to send the
complete user identity, containing both the GID and the UID, from the
client, and to parse it in the dce$dced process so that the correct UID
and GID are used to assign file ownership.

6.2.2.4 Work-arounds:
None.

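The defect analysed in 6.2.1.3, a mutex left locked on one code path so that the ticket refresh thread can never acquire it, looks like this in POSIX threads C. This is an added example, not code from the kit; cred_lock, validate_ticket() and the update_creds_*() functions are hypothetical names, and the error-checking mutex type is an assumption made so the leak can be observed without hanging.

```c
/* Added example (not code from the kit): a mutex leaked on an error path,
 * observed from a second thread, next to the corrected form.
 * All names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

static pthread_mutex_t cred_lock;   /* hypothetical global credential lock */

/* Create the lock as an error-checking mutex so that misuse by the owning
 * thread returns an error code instead of hanging. */
static int cred_lock_init(void)
{
    pthread_mutexattr_t attr;
    int rc = pthread_mutexattr_init(&attr);
    if (rc != 0)
        return rc;
    rc = pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    if (rc == 0)
        rc = pthread_mutex_init(&cred_lock, &attr);
    pthread_mutexattr_destroy(&attr);
    return rc;
}

/* Stand-in for work that can fail while the lock is held. */
static int validate_ticket(int simulate_failure)
{
    return simulate_failure ? -1 : 0;
}

/* BEFORE: the failure branch returns with cred_lock still held. */
static int update_creds_buggy(int simulate_failure)
{
    pthread_mutex_lock(&cred_lock);
    if (validate_ticket(simulate_failure) != 0)
        return -1;                      /* BUG: no unlock on this path */
    pthread_mutex_unlock(&cred_lock);
    return 0;
}

/* AFTER: every path leaves through the single unlock. */
static int update_creds_fixed(int simulate_failure)
{
    int status = 0;

    pthread_mutex_lock(&cred_lock);
    if (validate_ticket(simulate_failure) != 0) {
        status = -1;
        goto out;
    }
    /* ... the credential cache would be updated here ... */
out:
    pthread_mutex_unlock(&cred_lock);
    return status;
}

/* Probe thread body: try the lock without blocking. */
static void *probe(void *arg)
{
    int *rc = arg;

    *rc = pthread_mutex_trylock(&cred_lock);
    if (*rc == 0)
        pthread_mutex_unlock(&cred_lock);
    return NULL;
}

/* What a refresh thread would see: 0 if the lock is free, EBUSY if another
 * thread still owns it (a blocking lock call would then wait forever). */
static int refresh_thread_probe(void)
{
    pthread_t t;
    int rc = -1;

    if (pthread_create(&t, NULL, probe, &rc) != 0)
        return -1;
    pthread_join(t, NULL);
    return rc;
}

int main(void)
{
    if (cred_lock_init() != 0)
        return 1;
    update_creds_fixed(1);
    printf("after fixed failure path: probe=%d\n", refresh_thread_probe());
    update_creds_buggy(1);
    printf("after buggy failure path: probe=%d (EBUSY=%d)\n",
           refresh_thread_probe(), EBUSY);
    /* The owner re-locking an error-checking mutex gets EDEADLK back. */
    printf("owner re-lock: %d (EDEADLK=%d)\n",
           pthread_mutex_lock(&cred_lock), EDEADLK);
    pthread_mutex_unlock(&cred_lock);
    return 0;
}
```
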
6.2.3 DCE3.0 ECO2 Causing Server to Crash %SYSTEM-F-OPCCUS

6.2.3.1 Problem Description:
If a VMS DCE RPC application client calls a VMS DCE RPC server and then
cancels the thread in which the RPC was started, the server crashes with
the following message:

    2003-03-20-16:53:31.137+01:00I4.884 PID#551581762 FATAL rpc cn_state
    CNSCLSM.C;1 3123 0x02165b40 Illegal state transition detected in CN
    server call state machine [cur_state: 255, cur_event: 102, call_rep:
    1ec9240]
    %SYSTEM-F-OPCCUS, opcode reserved to customer fault at
    PC=FFFFFFFF80A3E434,PS=0000001B

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.3.2 CLDs, and QARs reporting this problem:

6.2.3.2.1 CLD(s)
CFS.99204/70-23-172

6.2.3.2.2 QAR(s)
None.

6.2.3.3 Problem Analysis:
The problem was due to the reject packet that was sent when the call
rpc_cn_call_receive failed. The solution is not to send the reject packet
when this call fails with the error rpc_s_call_orphaned.

6.2.3.4 Work-arounds:
None.

6.2.4 DCE$CDSCLERK Aborted with Unexpected Exception Error

6.2.4.1 Problem Description:
When a large number of ACMSxp processing servers are stopped and restarted
several times in a loop, the DCE$CDSCLERK process aborts with the
following error:

    2003-04-28-15:30:42.052+09:00I----- dce$cdsclerk(20200985) FATAL rpc
    recv CNRCVR.C;1 566 0x0418b580 (rpc_cn_network_receiver) Unexpected
    exception was raised

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.4.2 CLDs, and QARs reporting this problem:

6.2.4.2.1 CLD(s)
CFS.100141/70-23-189

6.2.4.2.2 QAR(s)
None.

6.2.4.3 Problem Analysis:
The unexpected exception was raised because a condition variable that was
still in use was deleted. To fix this problem, a call to
disconnect_pending was added, which signals the condition variables. Since
all the waiters are released before the condition variable is deleted, the
"unexpected exception raised" error is not seen with this fix.

6.2.4.4 Work-arounds:
None.

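The shutdown order that 6.1.2.3 and 6.2.4.3 describe (signal the condition variable so every waiter leaves, and only then destroy it) is shown below with POSIX threads. This is an added example, not code from the kit; struct conn, receiver(), wake_waiters_for_close() and conn_close() are hypothetical names, with wake_waiters_for_close() playing the role the analysis gives to the signalling function.

```c
/* Added example (not code from the kit): closing a connection whose
 * condition variable still has waiters. POSIX leaves destroying a
 * condition variable with blocked waiters undefined, so the closer must
 * release them first. All names are hypothetical. */
#include <pthread.h>
#include <sched.h>
#include <stdbool.h>
#include <stdio.h>

#define NUM_RECEIVERS 3

struct conn {
    pthread_mutex_t lock;
    pthread_cond_t  data_ready;  /* receive routines block here */
    bool            closing;     /* set once by the closer */
    int             parked;      /* receivers currently inside cond_wait */
    int             released;    /* receivers that left because of close */
};

/* Receive routine: a real one would also test for data; this one only
 * waits for the connection to close. */
static void *receiver(void *arg)
{
    struct conn *c = arg;

    pthread_mutex_lock(&c->lock);
    c->parked++;
    while (!c->closing)          /* predicate loop tolerates spurious wakeups */
        pthread_cond_wait(&c->data_ready, &c->lock);
    c->parked--;
    c->released++;
    pthread_mutex_unlock(&c->lock);
    return NULL;
}

/* Signalling step: mark the connection closing and wake every waiter. */
static void wake_waiters_for_close(struct conn *c)
{
    pthread_mutex_lock(&c->lock);
    c->closing = true;
    pthread_cond_broadcast(&c->data_ready);
    pthread_mutex_unlock(&c->lock);
}

/* Close in the safe order: wake waiters, wait until they have left, and
 * only then destroy. Returns 0 or the error number from a destroy call. */
static int conn_close(struct conn *c, pthread_t *rx, int n)
{
    int rc;

    wake_waiters_for_close(c);
    for (int i = 0; i < n; i++)
        pthread_join(rx[i], NULL);
    rc = pthread_cond_destroy(&c->data_ready);
    if (rc == 0)
        rc = pthread_mutex_destroy(&c->lock);
    return rc;
}

/* Start the receivers, wait until all are blocked on the condition
 * variable, then close. Returns how many receivers the close released,
 * or -1 on any failure. */
static int run_close_demo(void)
{
    struct conn c = { .closing = false };
    pthread_t rx[NUM_RECEIVERS];
    int started = 0;

    pthread_mutex_init(&c.lock, NULL);
    pthread_cond_init(&c.data_ready, NULL);
    for (int i = 0; i < NUM_RECEIVERS; i++) {
        if (pthread_create(&rx[i], NULL, receiver, &c) != 0)
            break;
        started++;
    }
    for (;;) {                   /* wait until every started receiver is parked */
        pthread_mutex_lock(&c.lock);
        int parked = c.parked;
        pthread_mutex_unlock(&c.lock);
        if (parked == started)
            break;
        sched_yield();
    }
    if (conn_close(&c, rx, started) != 0 || started != NUM_RECEIVERS)
        return -1;
    return c.released;
}

int main(void)
{
    printf("receivers released before destroy: %d\n", run_close_demo());
    return 0;
}
```
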
6.2.5 CDSD Receiver Thread Crash

6.2.5.1 Problem Description:
The DCE$CDSD process hangs with the following error:

    2002-10-01-21:42:32.552-04:00I0.238 PID#541458706 FATAL rpc recv
    CNRCVR.C;1 563 0x0d563740(rpc__cn_network_receiver) Unexpected
    exception was raised

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.5.2 CLDs, and QARs reporting this problem:

6.2.5.2.1 CLD(s)
CFS.102261/70-23-208

6.2.5.2.2 QAR(s)
None.

6.2.5.3 Problem Analysis:
The DCE$CDSD gets the V1_1 Authorization data from the security server.
The V1_1 Authz data contains a seals array structure. The minimum number
of elements in the seals array structure should be 1. Under an exception
condition the element count is zero, and CDSD then access violates.

6.2.5.4 Work-arounds:
None.

6.2.6 CDSD Reports CMA Alert Error

6.2.6.1 Problem Description:
When the DCE$CDSD process is stopped using the 'cdscp disable server'
command, the following CMA-F-ALERT error is reported in the DCE$CDSD.OUT
file:

    %CMA-F-EXCCOPLOS, exception raised; some information lost
    -CMA-F-ALERTED, thread execution has been canceled

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.6.2 CLDs, and QARs reporting this problem:

6.2.6.2.1 CLD(s)
CFS.102499/70-23-214

6.2.6.2.2 QAR(s)
None.

6.2.6.3 Problem Analysis:
On executing the above command, the routine in the CDSD daemon that is
responsible for the cleanup job issues a pthread_cancel. This action
forces the thread to execute sys$cancel to cancel the pending sys$qio and
to raise the pthread_cancel signal to the caller routine. Hence the caller
routine receives the above CMA-F-ALERT error.

6.2.6.4 Work-arounds:
None.

6.2.7 gethostbyname() Function is Failing

6.2.7.1 Problem Description:
Sometimes the rgy_edit command fails due to a failure in the
gethostbyname() function.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.7.2 CLDs, and QARs reporting this problem:

6.2.7.2.1 CLD(s)
None.

6.2.7.2.2 QAR(s)
75-15-1010

6.2.7.3 Problem Analysis:
The gethostbyname function sometimes returns an error, resulting in
failure of DCE commands. The inet_addr function has been used to get the
required TCP/IP host addresses.

6.2.7.4 Work-arounds:
None.

6.2.8 DCE$SECD Aborts

6.2.8.1 Problem Description:
The DCE Security Server aborted with the following error information:

    2003-07-08-13:39:36.070+08:00I----- PID#2018 FATAL rpc recv
    KRBCLT.C;1 296 0x7bbe46f0 (rpc__krb_get_tkt) Unexpected exception was
    raised
    %CMA-F-EXCCOP, exception raised; VMS condition code follows
    -SYSTEM-F-OPCCUS, opcode reserved to customer fault at
    PC=FFFFFFFF80623E54, PS=0000001B.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.8.2 CLDs, and QARs reporting this problem:

6.2.8.2.1 CLD(s)
None.

6.2.8.2.2 QAR(s)
75-15-979

6.2.8.3 Problem Analysis:
The result of realloc() was not handled properly: the current address was
not replaced by the newly obtained address. realloc() copied the existing
values to the obtained address and corrupted the first element (num_ad) at
the supplied address. Because the function proceeds with the old address
and its corrupt value of num_ad, and copies new entries to non-existent
addresses, execution terminates with the "exception raised" error.

6.2.8.4 Work-arounds:
None.

6.2.9 DCE$DCED ACCVIO After Running ACMSxp Load Test for 2 Days

6.2.9.1 Problem Description:
When a large number of ACMSxp processing servers are stopped and restarted
several times in a loop for about 2 days, the DCE$DCED process access
violates and the DCE$DCED.OUT file contains many of the following errors:

    *** CREATE_NET_CHANNLE_W_MBX FAILURE *** 1b4 errors.

Images Affected:
- [SYSLIB]DCE$SOCKSHR_DNET_OSI.EXE

6.2.9.2 CLDs, and QARs reporting this problem:

6.2.9.2.1 CLD(s)
None.

6.2.9.2.2 QAR(s)
75-15-1043

6.2.9.3 Problem Analysis:
The reason for the CREATE_NET_CHANNLE_W_MBX FAILURE error is a low
CHANNELCNT value.
The reason for the access violation is a NULL pointer reference during the
failure of getnodebyname(). When the function getnodebyname() fails it
returns NULL, and this NULL pointer is later dereferenced.

6.2.9.4 Work-arounds:
None.

6.2.10 Security Vulnerability - Denial of Service in DCE RPC

6.2.10.1 Problem Description:
A potential denial of service has been identified on OpenVMS systems that
have the DCE products installed or that are using the RPC portion of DCE
that ships with the OpenVMS operating system. These OpenVMS systems could
be vulnerable to a remotely initiated buffer overflow, resulting in a
hang.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.10.2 CLDs, and QARs reporting this problem:

6.2.10.2.1 CLD(s)
None.

6.2.10.2.2 QAR(s)
75-15-1046

6.2.10.3 Problem Analysis:
The presentation context pointer pres_context becomes NULL when the
function rpc_cn_assoc_syntax_lkup_by_id() is unsuccessful. The NULL
pointer needed to be handled properly.

6.2.10.4 Work-arounds:
None.

6.2.11 RPC Shutdown Fails During DCED Cleanup

6.2.11.1 Problem Description:
DCE$RPC_SHUTDOWN.COM did not delete the files in the dce$local:[var.dced]
directory, including the EP.DB file. This may result in stale entries in
the EP.DB file, leading to a DCE$DCED daemon crash.

Images Affected:
- [SYSLIB]DCE$RPC_SHUTDOWN.COM

6.2.11.2 CLDs, and QARs reporting this problem:

6.2.11.2.1 CLD(s)
None.

6.2.11.2.2 QAR(s)
75-15-1065

6.2.11.3 Problem Analysis:
dce$rpc_shutdown.com is supposed to delete the contents of the
dce$local:[var.dced] directory with its "clean" option. Where the symbol
del_wild is defined in dce$rpc_shutdown.com for the subsequent delete
operations, the directory tree is wrongly quoted, and the procedure is
therefore unable to delete the files under the dce$local:[var.dced]
directory.

6.2.11.4 Work-arounds:
None.

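The realloc() handling error analysed in 6.2.8.3 above (the caller keeps working through the old address after the block has been moved) is shown here beside a corrected form. This is an added example, not code from the kit; struct authz_list and the ad_append*() functions are hypothetical, modelled only on the description of a list whose first member is num_ad.

```c
/* Added example (not code from the kit): discarding the address returned by
 * realloc(), next to the corrected pattern. All names are hypothetical. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct authz_list {
    unsigned num_ad;   /* entries in use; first member, as in the analysis */
    int      ad[];     /* entries; int stands in for the real element type */
};

/* BEFORE (defined for comparison, never called here): the new address is
 * thrown away. If realloc() moved the block, 'list' now points at freed
 * memory, so num_ad may be garbage and the store lands on an address the
 * caller no longer owns. */
static void ad_append_buggy(struct authz_list *list, int value)
{
    size_t want = sizeof *list + ((size_t)list->num_ad + 1) * sizeof list->ad[0];
    void *moved = realloc(list, want);
    (void)moved;                          /* BUG: result discarded */
    list->ad[list->num_ad++] = value;     /* write through the stale pointer */
}

/* AFTER: the caller's pointer is replaced only when realloc() succeeds, and
 * the old block stays valid and owned by the caller when it fails.
 * Returns 0 on success, -1 on overflow or allocation failure. */
static int ad_append(struct authz_list **listp, int value)
{
    struct authz_list *old = *listp;
    struct authz_list *grown;
    size_t n = old ? old->num_ad : 0;

    /* Refuse counts that would overflow num_ad or the size computation. */
    if (n == UINT_MAX ||
        n + 1 > (SIZE_MAX - sizeof *grown) / sizeof grown->ad[0])
        return -1;

    grown = realloc(old, sizeof *grown + (n + 1) * sizeof grown->ad[0]);
    if (grown == NULL)
        return -1;                        /* *listp still points at old data */

    grown->ad[n] = value;
    grown->num_ad = (unsigned)(n + 1);
    *listp = grown;                       /* publish the new address */
    return 0;
}

/* Sum of all entries, used to check that no element was lost or corrupted
 * while the list was grown. */
static long ad_sum(const struct authz_list *list)
{
    long sum = 0;

    for (unsigned i = 0; list != NULL && i < list->num_ad; i++)
        sum += list->ad[i];
    return sum;
}

int main(void)
{
    struct authz_list *list = NULL;       /* constructed sample data: 1..8 */

    (void)ad_append_buggy;                /* kept for comparison only */
    for (int i = 1; i <= 8; i++) {
        if (ad_append(&list, i) != 0) {
            free(list);
            return 1;
        }
    }
    printf("num_ad=%u sum=%ld\n", list->num_ad, ad_sum(list));
    free(list);
    return 0;
}
```
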
6.2.12 DCED ACCVIO When Start the dced by -x Option

6.2.12.1 Problem Description:
When insufficient command line arguments are provided to DCE$DCED while
invoking the DCED daemon from the command line in "Endpoint Mapper" mode
using the "-x" option, the process crashes with "%SYSTEM-F-ACCVIO", access
violation:

    $ dced -x
    dce73$dka100:[sys0.syscommon.][sysexe]dce$dced.exe;1:option requires
    an argument -- x
    %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual
    address=0000000000000000, PC=FFFFFFFF80668324, PS=0000001B

Images Affected:
- [SYSLIB]DCE$DCED.EXE

6.2.12.2 CLDs, and QARs reporting this problem:

6.2.12.2.1 CLD(s)
None.

6.2.12.2.2 QAR(s)
75-15-1061

6.2.12.3 Problem Analysis:
A NULL pointer, 'optarg', was being passed to the strcasecmp function,
which caused 'strcasecmp' to access violate with VA=0. This can be avoided
by checking the variable (optarg) for NULL before passing it to the
function strcasecmp.

6.2.12.4 Work-arounds:
None.

6.2.13 DCE 3.0 RPC Hang Because of Increased Load

6.2.13.1 Problem Description:
One of the DCE applications experienced some hang issues. On analyzing the
problem, it was noticed that the RPC listener thread of the DCED process
went into an infinite loop, and this caused the hang situation.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.13.2 CLDs, and QARs reporting this problem:

6.2.13.2.1 CLD(s)
CFS.103129/70-23-222

6.2.13.2.2 QAR(s)
None.

6.2.13.3 Problem Analysis:
The problem was due to the exhaustion of the BYTLM quota. However, the
DCE$LIB_SHR.EXE image provided for this escalation was useful for another
problem, i.e. the initial rpc socket disconnections noticed at the
customer site. Hence the fix is retained.

6.2.13.4 Work-arounds:
None.

6.2.14 Grant RE Permission for World On PE_SITE File

6.2.14.1 Problem Description:
The PE_SITE file does not have the "RE" permissions.

Images Affected:
- [SYSLIB]DCE$DCED.EXE

6.2.14.2 CLDs, and QARs reporting this problem:

6.2.14.2.1 CLD(s)
None.

6.2.14.2.2 QAR(s)
75-15-1050

6.2.14.3 Problem Analysis:
Because the file is created every hour, the file permissions cannot be
granted externally, as this operation would need to be repeated every
hour. The file is plain text, and the "RE" permissions can be granted with
no security threat possibilities.

6.2.14.4 Work-arounds:
None.

6.2.15 DCE$SECD Process Crashes While Configuring DCE with "Invalid
Endpoint Entry" error

6.2.15.1 Problem Description:
While certifying DCE Version 3.0 ECO2 on OPAL, the DCE$SECD process
crashes with the CMA-F-EXCCOP and "Cannot register server", "invalid
endpoint entry" error.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.15.2 CLDs, and QARs reporting this problem:

6.2.15.2.1 CLD(s)
None.

6.2.15.2.2 QAR(s)
75-83-1205

6.2.15.3 Problem Analysis:
The problem is due to the creation of an extra DECnet OSI binding without
an NSAP address on OpenVMS V7.3-2. A check for the presence of an NSAP
address before creation of the rpc address resolved the problem.

6.2.15.4 Work-arounds:
None.

6.2.16 DCE Version 3.0 Client Example Programs ACCVIO When Compiled with
-trace log_manager

6.2.16.1 Problem Description:
DCE client example programs located at [SYSHLP.EXAMPLES.DCE.RPC] that are
generated using the IDL -trace log_manager option access violate. The
access violation occurs when the symbol RPC_LOG_FILE is defined.

    %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual
    address=0000000000000000, PC=0000000000239F68, PS=0000001B

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.16.2 CLDs, and QARs reporting this problem:

6.2.16.2.1 CLD(s)
None.

6.2.16.2.2 QAR(s)
75-15-996

6.2.16.3 Problem Analysis:
The reason for the failure is that the application was trying to access
the address of the pointer variable rpc_ss_lm_v0_1_s_ifspec, which was
null. The variable rpc_ss_lm_v0_1_s_ifspec was initialized to null because
the module RPC_SS_LM_SSTUB, where this variable is assigned a proper
non-null interface handle address, was not getting linked with
dce$lib_shr.exe.

6.2.16.4 Work-arounds:
None.

6.2.17 DCE$CDSADVER Process Hangs in the Client Configuration Phase

6.2.17.1 Problem Description:
While configuring DCE as a client, the dce$cdsadver process goes into a
hang state, leading to a configuration hang.

Images Affected:
- [SYSLIB]DCE$SOCKSHR_IP.EXE

6.2.17.2 CLDs, and QARs reporting this problem:

6.2.17.2.1 CLD(s)
CFS.95262,70-23-121

6.2.17.2.2 QAR(s)
None.

6.2.17.3 Problem Analysis:
The AST routine, on checking the LSB word, considers the sys$qio to be
cancelled and thus skips executing the routine responsible for signaling
the condition variable. The thread, after issuing the SYS$QIO, is actually
waiting on the condition variable to be signaled and thereby blocks
forever, leading to a configuration hang.

6.2.17.4 Work-arounds:
None.

6.2.18 Fixed Fatal Exception in rpc Receiver Thread Module CNRCVR

6.2.18.1 Problem Description:
The application process reports "FATAL rpc recv CNRCVR.C;1", leading to a
hang situation. The applications had to be restarted.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.18.2 CLDs, and QARs reporting this problem:

6.2.18.2.1 CLD(s)
CFS.95408/70-23-122

6.2.18.2.2 QAR(s)
None.

6.2.18.3 Problem Analysis:
An error condition was reported in the application process log due to a
NULL pointer variable. The problem was triggered when the application
process had received, and was processing, the response packet on a client
association. The code has been modified to handle the null pointer
variable condition.

6.2.18.4 Work-arounds:
None.

6.2.19 "FATAL rpc cn_state CNSCLSM.C;1" Reported by the Application
Program

6.2.19.1 Problem Description:
A "FATAL rpc cn_state CNSCLSM.C an Illegal state transition detected in CN
server call state machine" error has been reported in the DCE application.
The message does not display the correct state and event of the state
machine.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.19.2 CLDs, and QARs reporting this problem:

6.2.19.2.1 CLD(s)
CFS.95596/70-23-124

6.2.19.2.2 QAR(s)
None.

6.2.19.3 Problem Analysis:
The message does not display the correct state and event of the state
machine. It has been modified to report the correct state and event of the
state machine.

6.2.19.4 Work-arounds:
None.

6.2.20 DCE Security Issue: Tickets Fail to Re-authenticate

6.2.20.1 Problem Description:
The thread responsible for the ticket refresh operation waits forever to
unlock a mutex, leading to expiration of the self credentials.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.20.2 CLDs, and QARs reporting this problem:

6.2.20.2.1 CLD(s)
CFS.96681/70-23-134

6.2.20.2.2 QAR(s)
None.

6.2.20.3 Problem Analysis:
The thread catching an exception with 'svc_c_action_abort' returns from a
routine without unlocking the global mutex. Thus, the mutex remains
locked. The coordinating thread, responsible for the ticket refresh
operation, waits forever to acquire the mutex. As this thread is blocked,
the ticket refresh does not occur, leading to the "Authentication Ticket
Expired" problem.

6.2.20.4 Work-arounds:
None.

6.2.21 DCOM$RPCSS Process was Aborting with the RMS Fatal Error

6.2.21.1 Problem Description:
For each client request of the DCOM application, one persona is left
behind after the client completes. After running for several hours the
personas accumulate, and the DCOM$RPCSS process aborts with the RMS fatal
error.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.21.2 CLDs, and QARs reporting this problem:

6.2.21.2.1 CLD(s)
None.

6.2.21.2.2 QAR(s)
75-15-1015

6.2.21.3 Problem Analysis:
The routine rpc_winnt_cn_fmt_client_req was modified to delete the old
context handle, if present, before creating the new context handle.

6.2.21.4 Work-arounds:
None.

6.2.22 DCE Version 3.0 Hangs When the 100 Numbers of ACMSxp Processing
Servers Startup at One Time.

6.2.22.1 Problem Description:
When a large number of ACMSxp Processing servers are stopped and restarted
several times in a loop, DCE goes into a hang state.

Images Affected:
- [SYSEXE]DCE$DCED.EXE

6.2.22.2 CLDs, and QARs reporting this problem:

6.2.22.2.1 CLD(s)
CFS.85973,70-23-32

6.2.22.2.2 QAR(s)
None.

6.2.22.3 Problem Analysis:
A deadlock situation can occur when a particular thread locks a normal
mutex for the second time. If a re-locking operation is to be attempted,
the mutex on which the re-locking is done must be either an Error_Check or
a Recursive mutex. The 'Normal' mutex was changed to 'Error_Check' to
avoid the deadlocks.

6.2.22.4 Work-arounds:
None.

6.2.23 Cancel of RPC-call Leaves BG Device

6.2.23.1 Problem Description:
On cancellation of an RPC call, the BG devices (sockets) that were
allocated are not released. Several such RPC call cancellations can result
in a pileup of BG devices, leading to a resource leak.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.23.2 CLDs, and QARs reporting this problem:

6.2.23.2.1 CLD(s)
CFS.86030,70-23-33

6.2.23.2.2 QAR(s)
None.

6.2.23.3 Problem Analysis:
The process or thread, when cancelled, has to perform a cleanup activity
on the resources associated with it. The problem occurred because the BG
devices were not released on cancellation.

6.2.23.4 Work-arounds:
None.

6.2.24 DCE$RPCD Memory Leak with Unauthenticated DCOM Mode

6.2.24.1 Problem Description:
A memory leak is encountered in DCE/RPC when DCOM is functional in
unauthenticated mode.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.24.2 CLDs, and QARs reporting this problem:

6.2.24.2.1 CLD(s)
CFS.86564/70-23-34, CFS.94040/70-23-106

6.2.24.2.2 QAR(s)
None.

6.2.24.3 Problem Analysis:
The problem manifests itself because the association groups for the RPC
calls were not getting closed and new associations were getting created
each time. The resources related to earlier associations were not
released.
This results in the piling up of the resources and expansion of the
association group table. This drastically reduced the page file quota of
the DCED process. Closing the association groups eliminates this problem.

6.2.24.4 Work-arounds:
None.

6.2.25 DCE$DCED Version 3.0 Process Terminates

6.2.25.1 Problem Description:
Under load, the DCE$DCED process terminates with the following error:

    (socket) rpc_socket_disp_select *** FATAL ERROR at
    SOCKDISPATCH.C;13755 ***
    %CMA-F-EXCCOP, exception raised; VMS condition code follows
    SYSTEM-F-OPCCUS,opcode reserved to customer fault at
    PC=00000000007043A8, PS=0000001B
    %SYSTEM-F-ABORT, abort

Images Affected:
- [SYSLIB]DCE$SOCKSHR_IP.EXE

6.2.25.2 CLDs, and QARs reporting this problem:

6.2.25.2.1 CLD(s)
CFS.87111/70-23-38, CFS.87112/70-23-39

6.2.25.2.2 QAR(s)
None.

6.2.25.3 Problem Analysis:
The channel associated with a socket device is de-assigned in the routine
rpc_socket_cancel_select. This is the point where an SS$_IVCHAN error is
returned, causing DCED to abort.

6.2.25.4 Work-arounds:
None.

6.2.26 DCE Tickets Expire Right After Starting ACMSxp TP System

6.2.26.1 Problem Description:
The login context specific to application processes expires immediately
after starting the ACMSxp TP system. The TP System makes use of
credentials obtained after a dce_login with "acmsxp_svr" as the principal
name. Klist fails with the following error:

    No DCE identity available: No currently established network identity
    for which context exists (dce / sec)

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.26.2 CLDs, and QARs reporting this problem:

6.2.26.2.1 CLD(s)
CFS.87927/70-23-51

6.2.26.2.2 QAR(s)
None.

6.2.26.3 Problem Analysis:
Before starting TP System processes, it is necessary to log in to the DCE
environment using the dce_login command. On a successful DCE login, five
credential files are created. While starting the TP system processes,
three out of these five files were getting renamed.
Since klist does not find the original files, it appears as if the tickets
had expired. The code has been modified such that credential files are
copied but not renamed.

6.2.26.4 Work-arounds:
None.

6.2.27 DCE Version 3.0 Death of DCE$DCED

6.2.27.1 Problem Description:
When a command procedure containing dce_login and ACMSxp commands is
executed in an infinite loop, the DCE$DCED process aborts with a
SYSTEM-F-ACCVIO error.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.27.2 CLDs, and QARs reporting this problem:

6.2.27.2.1 CLD(s)
None.

6.2.27.2.2 QAR(s)
None.

6.2.27.3 Problem Analysis:
Several "invalid ticket" and "thread exiting due to exception" errors were
reported in the dce$dced.out file prior to the access violation. Improper
handling of the memory allocation and de-allocation routines and failure
of the gethostbyname function are the causes of the problem.

6.2.27.4 Work-arounds:
None.

6.2.28 Question on RPC and TCPware

6.2.28.1 Problem Description:
DCE Version 3.0 RPC only configuration fails on systems with TCPWARE as
the IP product. The configuration program terminates abnormally.

Images Affected:
- [SYSMGR]DCE$RPC_STARTUP.COM

6.2.28.2 CLDs, and QARs reporting this problem:

6.2.28.2.1 CLD(s)
CFS.93017/70-23-91

6.2.28.2.2 QAR(s)
None.

6.2.28.3 Problem Analysis:
The problem was due to the failure of the UCX commands, which work on
Compaq's TCPIP product but not on third party products. The solution is to
check for the logical DCE$INTERNET, which is used to identify the TCPIP
product installed on the system, and take appropriate action.

6.2.28.4 Work-arounds:
None.

6.2.29 FATAL rpc recv CNRCVR.C;1 563 0x0e41db40

6.2.29.1 Problem Description:
There was a case where a NULL pointer check was not being made in RPC
Runtime code. The new image takes care of this problem.

Images Affected:
- [SYSLIB]DCE$LIB_SHR.EXE

6.2.29.2 CLDs, and QARs reporting this problem:

6.2.29.2.1 CLD(s)
CFS.93050/70-23-92

6.2.29.2.2 QAR(s)
None.


6.2.29.3 Problem Analysis:

A check for NULL pointers has been incorporated into the code to prevent possible "Unexpected exceptions" due to missing "NULL" checks.

6.2.29.4 Work-arounds:

This is not a complete solution to the problem. This is being dealt with in escalations 70-23-101, 70-23-122. The workaround available is to restart the application process.

6.2.30 Bug in rpc_binding_from_string_binding in DCE Version 3.0

6.2.30.1 Problem Description:

When a call to rpc_binding_from_string_binding fails, the subsequent calls to this function hang forever. The new RPC Runtime library fixes the bug in "rpc_binding_from_string_binding".

Images Affected:

 - [SYSLIB]DCE$LIB_SHR.EXE

6.2.30.2 CLDs, and QARs reporting this problem:

6.2.30.2.1 CLD(s)

None.

6.2.30.2.2 QAR(s)

75-15-993

6.2.30.3 Problem Analysis:

When function rpc_binding_from_string_binding fails, the corresponding mutex is not released. The mutex associated with the thread remains in a locked state and is never released. So, any subsequent calls to this routine by other threads remain waiting to acquire the lock, leading to a hang. Appropriate code has been added to unlock the mutex under failure conditions.

6.2.30.4 Work-arounds:

None.

6.2.31 Need Mechanism to Disable RPC Messages

6.2.31.1 Problem Description:

When running DCOM applications between Windows 2000 and VMS systems, several RPC_CN_CREATE_AUTH_INFO messages are logged into the DCOM$RPCSS.OUT file, leading to exhaustion of disk space. This problem has now been resolved in the new image. The user needs to define the logical "DCE_DISABLE_LOGGING" to 1, either system wide or process wide, to disable the error messages.

    $ DEFINE/SYSTEM/EXEC DCE_DISABLE_LOGGING 1

or

    $ DEFINE DCE_DISABLE_LOGGING 1

Images Affected:

 - [SYSLIB]DCE$LIB_SHR.EXE

6.2.31.2 CLDs, and QARs reporting this problem:

6.2.31.2.1 CLD(s)

None.

6.2.31.2.2 QAR(s)

75-15-994

6.2.31.3 Problem Analysis:

A system wide logical, "DCE_DISABLE_LOGGING" has to be used to disable the continuous logging of "RPC_CN_AUTH_CREATE_INFO" error messages into the DCOM$RPCSS.OUT file.

6.2.31.4 Work-arounds:

None.

6.2.32 Problem Between Authenticated DCOM and Windows 2000 at the DCE/RPC

6.2.32.1 Problem Description:

Failure to detect or ping an active Windows 2000 Client, while running Authenticated DCOM between a Windows 2000 and OpenVMS System, would cause the DCOM Server applications to timeout and run down after a period of about 10 minutes. Several "RPC_CN_AUTH_VFY_CLIENT_REQ" error messages appear in DCOM$RPCSS.OUT file in intervals of 2 minutes.

    2001-10-02-17:01:58.468-04:00I0.629 PID#330 ERROR rpc auth CNSASSM.C;1 4654 0x01eb9740
    RPC_CN_AUTH_VFY_CLIENT_REQ on server failed: invalid handle (dce / rpc)

Images Affected:

 - [SYSLIB]DCE$LIB_SHR.EXE

6.2.32.2 CLDs, and QARs reporting this problem:

6.2.32.2.1 CLD(s)

None.

6.2.32.2.2 QAR(s)

75-15-988

6.2.32.3 Problem Analysis:

The change is specific to COM customers. 'ContextReq' comparison check is avoided to eliminate the issue.

6.2.32.4 Work-arounds:

None.

6.2.33 SVC Logging is Not Functional for RPC

6.2.33.1 Problem Description:

The serviceability logging feature does not log the RPC information into the log files, though it creates the file.

Images Affected:

 - [SYSLIB]DCE$LIB_SHR.EXE

6.2.33.2 CLDs, and QARs reporting this problem:

6.2.33.2.1 CLD(s)

None.

6.2.33.2.2 QAR(s)

75-15-998

6.2.33.3 Problem Analysis:

This is a build issue. There should be hash definition on the compiler command line that enables the debug flag to log the RPC information.

6.2.33.4 Work-arounds:

None.

6.2.34 RPC Fatal Exception in DCOM$RPCSS When Running DCOM Application from Windows 2K After a New Login

6.2.34.1 Problem Description:

RPC Fatal Exceptions are reported in DCOM$RPCSS.OUT when running DCOM applications, from Windows 2000, after a new login.
DCOM$RPCSS process reports the following exception in the OUT file:

    2002-04-18-15:04:17.604-04:00I0.113 PID#21370 FATAL rpc recv CNRCVR.C;5 563 0x015a5740
    (rpc_cn_network_receiver) Unexpected exception was raised

Images Affected:

 - [SYSLIB]DCE$LIB_SHR.EXE

6.2.34.2 CLDs, and QARs reporting this problem:

6.2.34.2.1 CLD(s)

None.

6.2.34.2.2 QAR(s)

75-15-1001

6.2.34.3 Problem Analysis:

RPC catches an Unexpected Exception when a DCOM application on W2K contacts the DCOM application on the VMS system. The exception is caught while accessing the RPCs association group that is pointing to an invalid group.

6.2.34.4 Work-arounds:

None.

6.2.35 DCE Version 3.0 Client Example Programs ACCVIO When Compiled with IDL "-trace log_manager"

6.2.35.1 Problem Description:

DCE client example programs located in [SYSHLP.EXAMPLES.DCE.RPC], generated using the IDL "-trace log_manager" option, access violate. The access violation occurs when the symbol RPC_LOG_FILE is defined.

    %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=0000000000000000, PC=0000000000239F68, PS=0000001B

Images Affected:

 - [SYSLIB]DCE$LIB_SHR.EXE

6.2.35.2 CLDs, and QARs reporting this problem:

6.2.35.2.1 CLD(s)

None.

6.2.35.2.2 QAR(s)

75-15-996

6.2.35.3 Problem Analysis:

The failure occurred because the application was trying to access the address of the pointer variable rpc_ss_lm_v0_1_s_ifspec, which was null. The variable rpc_ss_lm_v0_1_s_ifspec was left initialized to null because the module RPC_SS_LM_SSTUB was not getting linked with dce$lib_shr.exe, where this variable is assigned a proper non-null interface handle address.

6.2.35.4 Work-arounds:

None.

6.2.36 rpc_mgmt Authorization Function Does Not Work as Documented

6.2.36.1 Problem Description:

According to the OSF documentation, when a user defined authorization function returns false, the status value from the user supplied function is to be returned to the client.
The RPC runtime always returns status "rpc_s_mgmt_op_disallowed" when the user function returns false.

Images Affected:

 - [SYSLIB]DCE$LIB_SHR.EXE

6.2.36.2 CLDs, and QARs reporting this problem:

6.2.36.2.1 CLD(s)

None.

6.2.36.2.2 QAR(s)

75-15-956

6.2.36.3 Problem Analysis:

As per the OSF documentation, the rpc_mgmt_authorization_check routine has been modified. The RPC runtime module is MGMT.C. If the user defined authorization function is NULL, the default status value is returned to the client. If the user defined authorization function returns FALSE, a check is made on the status. If the status value is rpc_s_ok or zero, rpc_s_mgmt_op_disallowed is returned to the client. If the status value is anything other than rpc_s_ok or zero, that status value is returned to the client.

6.2.36.4 Work-arounds:

None.

6.2.37 Cannot Create an RPC Only Configuration on DCE Version 3.0

6.2.37.1 Problem Description:

Cannot configure and start an RPC only configuration on DCE Version 3.0. Running uuidgen results in the error:

    $ run sys$system:dce$uuidgen
    %UUIDGEN-F-RPC_MESSAGE, Received Error Status: "no IEEE 802 hardware address"

Images Affected:

 - [SYSLIB]DCE$LIB_SHR.EXE

6.2.37.2 CLDs, and QARs reporting this problem:

6.2.37.2.1 CLD(s)

CFS.83399, CFS.83220/70-3-4594/70-3-4564

6.2.37.2.2 QAR(s)

None.

6.2.37.3 Problem Analysis:

A driver for a device in the DCE ethernet device list, SMA0:, was successfully returning from a QIOW to obtain an ethernet address. The buffer provided from the QIO did not contain an ethernet address.

6.2.37.4 Work-arounds:

None.

6.2.38 DCE Version 3.0 Possibly Not Deleting all Credentials When a kdestroy is Run

6.2.38.1 Problem Description:

kdestroy does not delete the credential files at DCE$LOCAL:[VAR.SECURITY.CREDS]

Images Affected:

 - [SYSLIB]DCE$LIB_SHR.EXE

6.2.38.2 CLDs, and QARs reporting this problem:

6.2.38.2.1 CLD(s)

CFS.84565/70-23-18

6.2.38.2.2 QAR(s)

None.

6.2.38.3 Problem Analysis:

For each dce_login some credential files get created at DCE$LOCAL:[VAR.SECURITY.CREDS]. Before this correction, a login was creating one extra file. kdestroy was not aware of that file and hence was not deleting it. The module sec_login_pvt.c has been modified so that dce_login does not create the unnecessary extra file. This was also impacting a DCE Clean operation.

6.2.38.4 Work-arounds:

None.

6.2.39 DCE Version 3.0, Application Getting 'Name Service Unavailable Error'

6.2.39.1 Problem Description:

During startup, whenever a client application imports the binding information from the name service database, using the RPC call rpc_ns_binding_import_next( ), if there are fewer than thirteen free event flags, the RPC call fails with the 'name service unavailable' error.

Images Affected:

 - [SYSLIB]DCE$SOCKSHR_IP.EXE

6.2.39.2 CLDs, and QARs reporting this problem:

6.2.39.2.1 CLD(s)

CFS.83491/70-3-4597

6.2.39.2.2 QAR(s)

None.

6.2.39.3 Problem Analysis:

When client applications used the rpc_ns_binding_import_next call to import the binding information from the name service database (CDS) with 12 or fewer free event flags, all 12 event flags were being blocked by the code and no free event flags would be available for synchronization. This restriction has now been removed from the code RPC$SOCKSHR_UCX.

6.2.39.4 Work-arounds:

None.

7 INSTALLATION INSTRUCTIONS:

7.1 Installation Command

Install this kit with the VMSINSTAL utility by logging into the SYSTEM account, and typing the following at the DCL prompt:

    @SYS$UPDATE:VMSINSTAL VAXRPC02_073 [location of the saveset]

The saveset location may be a tape drive, CD, or a disk directory that contains the kit saveset.

8 COPYRIGHT AND DISCLAIMER:

(C) Copyright 2003 Hewlett-Packard Development Company, L.P.

Confidential computer software. Valid license from HP and/or its subsidiaries required for possession, use, or copying.
Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

Neither HP nor any of its subsidiaries shall be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for HP products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty.

DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY

THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL COMPAQ BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.
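
Added illustration for item 6.2.30 (example code written for this page, not HP's source): the lock leak on the failure path beside the corrected single-exit form. The lock type, the parsing rule, the function names and the sample strings are all assumptions; a failed try-lock marks the point where a blocking mutex would hang.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <string.h>

/* Try-lock standing in for the runtime's mutex (assumption of this sketch);
 * a failed try-lock marks the point where a blocking lock would hang. */
typedef struct { atomic_flag held; } demo_lock_t;

bool demo_trylock(demo_lock_t *l) { return !atomic_flag_test_and_set(&l->held); }
void demo_unlock(demo_lock_t *l)  { atomic_flag_clear(&l->held); }

/* Hypothetical validity check: "protseq:address", both parts non-empty. */
bool parse_string_binding(const char *s)
{
    const char *colon = s ? strchr(s, ':') : NULL;
    return colon != NULL && colon != s && colon[1] != '\0';
}

/* Pre-fix shape: the error return skips the unlock. */
int binding_from_string_buggy(demo_lock_t *l, const char *s)
{
    if (!demo_trylock(l)) return -2;          /* would block forever */
    if (!parse_string_binding(s)) return -1;  /* lock is leaked here */
    demo_unlock(l);
    return 0;
}

/* Post-fix shape: one exit path, lock released on success and failure. */
int binding_from_string_fixed(demo_lock_t *l, const char *s)
{
    int status = 0;
    if (!demo_trylock(l)) return -2;
    if (!parse_string_binding(s)) status = -1;
    demo_unlock(l);
    return status;
}

/* Feed one malformed binding, then a valid one; report the second status. */
int second_call_status(int (*fn)(demo_lock_t *, const char *))
{
    demo_lock_t lock = { ATOMIC_FLAG_INIT };
    (void)fn(&lock, "malformed-binding");           /* constructed input */
    return fn(&lock, "ncacn_ip_tcp:host.example");  /* constructed input */
}

int main(void) { return second_call_status(binding_from_string_fixed); }
```

With the pre-fix shape, one malformed string from any caller is enough to stall every later caller in the process, which is why the failure path matters as much as the success path.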
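
Added illustration for item 6.2.36 (example code written for this page, not the MGMT.C source): the status selection described in 6.2.36.3, including the case where a user function refuses an operation but leaves the status at zero. The type names, status values and callbacks are placeholders, and returning success for an allowed operation is an assumption.

```c
#include <stddef.h>

/* Placeholder status values for this sketch; not the real DCE codes. */
typedef unsigned int status_t;
enum { S_OK = 0, S_MGMT_OP_DISALLOWED = 1, S_APP_DENIED = 42 };

/* User-defined authorization function: a nonzero return allows the
 * operation; *st may carry the reason for a refusal. */
typedef int (*authz_fn_t)(unsigned int op, status_t *st);

/* Status the client sees, following the rules in 6.2.36.3.
 * default_status is whatever the runtime uses when no function is set. */
status_t mgmt_client_status(authz_fn_t fn, unsigned int op,
                            status_t default_status)
{
    status_t st = S_OK;

    if (fn == NULL)
        return default_status;        /* no user function registered */
    if (fn(op, &st))
        return S_OK;                  /* allowed (assumed to report success) */
    if (st == S_OK)
        return S_MGMT_OP_DISALLOWED;  /* a refusal must never look like success */
    return st;                        /* pass the function's own status through */
}

/* Constructed sample callbacks. */
int deny_with_reason(unsigned int op, status_t *st)
{ (void)op; *st = S_APP_DENIED; return 0; }

int deny_silently(unsigned int op, status_t *st)
{ (void)op; (void)st; return 0; }     /* forgets to set a status */

int allow_all(unsigned int op, status_t *st)
{ (void)op; *st = S_OK; return 1; }

int main(void)
{
    return mgmt_client_status(deny_silently, 0, S_OK) == S_MGMT_OP_DISALLOWED ? 0 : 1;
}
```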