Subject: bin/19838: dhclient dumps core if server sends renewal time of 0xffffffff
To: None <gnats-bugs@gnats.netbsd.org>
From: Laine Stump <lainestump@rcn.com>
List: netbsd-bugs
Date: 01/13/2003 16:49:07
>Number: 19838
>Category: bin
>Synopsis: dhclient dumps core if server sends renewal time of 0xffffffff
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Jan 13 06:50:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Laine Stump
>Release: NetBSD 1.6K as of 2002-01-13
>Organization:
V-One Corporation
>Environment:
System: NetBSD idris.laine.org 1.6K NetBSD 1.6K (SV24) #4: Wed Jan 1 19:29:45 EET 2003 laine@idris.laine.org:/usr/src/sys/arch/i386/compile/SV24 i386
Architecture: i386
Machine: i386
>Description:
My ISP recently changed their DHCP server to send "extremely long"
lease (option 51) and renewal (option 58) times, i.e. they now send
0xffffffff for both values. When dhclient gets a DHCPOFFER with
0xffffffff for the renewal time, it dumps core with an FP exception on
line 791 of dhclient.c.
>How-To-Repeat:
Configure a DHCP server to send 0xFFFFFFFF for renewal time (the lease
time option doesn't seem to matter), then have a dhclient get a lease
from that server.
>Fix:
This did it for me. Once renewal is set to 0, it gets set to
~expiry/2 by code further down.
Obviously this should be fed back into the original source as well as
NetBSD's copy.
Index: dhclient.c
===================================================================
RCS file: /cvsroot/src/dist/dhcp/client/dhclient.c,v
retrieving revision 1.7
diff -r1.7 dhclient.c
777c777
< if (ds.len > 3)
---
> if (ds.len > 3) {
779c779,781
< else
---
> if (client -> new -> renewal < 0)
> client -> new -> renewal = 0;
> } else
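Review bot: the `client -> new -> renewal < 0` test in the 779 hunk only catches 0xffffffff when `renewal` is a signed type narrow enough for that value to read as negative; if the field is wider or unsigned on some build, the value stays positive and the clamp never fires. Consider validating the decoded value against the lease time (or testing for 0xffffffff explicitly) before it is stored, and add a short comment stating that 0 means "derive from expiry further down", since the fix depends on that later code.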
>Release-Note:
>Audit-Trail:
>Unformatted:
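The following is an added example, not part of the original report and not dhclient's code. It shows how the 0xffffffff renewal value reads as negative in a signed 32-bit field, and one alternative to the patch's clamp-to-zero: saturating the decoded value and keeping the renewal time inside the lease. The helper names and the sample bytes are hypothetical, and the signed 32-bit time field is an assumption based on the reporter's i386 system.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the 4 data bytes of option 58 as described in the report. */
static const unsigned char constructed_opt58[4] = { 0xff, 0xff, 0xff, 0xff };

/* Decode a 4-byte network-order DHCP time value, keeping it unsigned. */
static uint32_t get_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Assumption: the client stores the value in a signed 32-bit field.
 * The conversion wraps on common two's-complement compilers. */
static int32_t as_signed_field(uint32_t wire)
{
    return (int32_t)wire;
}

/* Saturate instead of wrapping: anything above INT32_MAX becomes INT32_MAX. */
static int32_t clamp_time(uint32_t wire)
{
    return wire > (uint32_t)INT32_MAX ? INT32_MAX : (int32_t)wire;
}

/* Hypothetical helper: choose a renewal time that is positive and inside
 * the lease, falling back to lease/2 when the server's value is unusable. */
static int32_t pick_renewal(uint32_t wire_lease, uint32_t wire_renewal)
{
    int32_t lease = clamp_time(wire_lease);
    int32_t renewal = clamp_time(wire_renewal);

    if (renewal <= 0 || renewal >= lease)
        renewal = lease / 2;
    return renewal;
}

int main(void)
{
    uint32_t wire = get_u32(constructed_opt58);

    printf("raw=0x%08x signed=%d\n", (unsigned)wire, (int)as_signed_field(wire));
    printf("renewal for infinite lease: %d\n", (int)pick_renewal(wire, wire));
    printf("renewal for 1-day lease:    %d\n", (int)pick_renewal(86400, wire));
    return 0;
}
```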