netbsd-bugs: bin/11795: dhclient coredumps with RCN 3com DOCSIS cablemodem

Subject: bin/11795: dhclient coredumps with RCN 3com DOCSIS cablemodem
To: None <gnats-bugs@gnats.netbsd.org>
From: None <nocturne@arepa.com>
List: netbsd-bugs
Date: 12/22/2000 12:18:18
>Number:         11795
>Category:       bin
>Synopsis:       dhclient coredumps with RCN 3com DOCSIS cablemodem
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Dec 22 12:18:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Eric Mumpower
>Release:        Stock NetBSD 1.5 <NetBSD-current source date>
>Organization:
Arepa
	
>Environment:
	
eschatology, stock NetBSD 1.5, i386

>Description:

The stock NetBSD 1.5 dhclient core dumps when run against an
RCN-provisioned DOCSIS cablemodem ("OfficeConnect", model 3CR29210
with 56-bit DES, H/W rev B2, S/W rev 3.1.0). A checkout and build of
the -current basesrc/usr.sbin/dhcp suffers what is, as far as I can
tell, precisely the same problem.

However, a build of the current release of ISC DHCP client
(V3.0b2pl11) seems to work properly.

>How-To-Repeat:
>Fix:

One way to fix this problem is to import up to ISC DHCP V3.0b2pl11 --
this problem is absent when using that dhclient. I'm not sure, of
course, that this is the stablest way to solve this problem.
>Release-Note:
>Audit-Trail:
>Unformatted:
 >To-Repeat:
 
 Connect NetBSD system to 3com DOCSIS cablemodem, as provisioned and
 configured by RCN in the Boston, Massachusetts area. Discover,
 experimentally, that the stock NetBSD 1.5 dhclient coredumps with no
 config files when invoked as "dhclient ex0".
 
 I made a CVS checkout of the head of the mainline:
 "cvs co -d dhcp basesrc/usr.sbin/dhcp", and built it with debugging
 symbols: "make CFLAGS="-g -O2". Then:
 
 > # gdb client/dhclient
 > GNU gdb 4.17
 > Copyright 1998 Free Software Foundation, Inc.
 > GDB is free software, covered by the GNU General Public License, and you are
 > welcome to change it and/or distribute copies of it under certain conditions.
 > Type "show copying" to see the conditions.
 > There is absolutely no warranty for GDB.  Type "show warranty" for details.
 > This GDB was configured as "i386--netbsd"...
 > (gdb) run ex0
 > Starting program: /usr/nocturne/dhcp/dhcp/client/dhclient ex0
 > Internet Software Consortium DHCP Client V3.0b2pl9
 > Copyright 1995-2000 Internet Software Consortium.
 > All rights reserved.
 > For info, please visit http://www.isc.org/products/DHCP
 > 
 > Listening on BPF/ex0/00:50:da:55:f2:e9
 > Sending on   BPF/ex0/00:50:da:55:f2:e9
 > Sending on   Socket/fallback
 > DHCPREQUEST on ex0 to 255.255.255.255 port 67
 > 
 > Program received signal SIGSEGV, Segmentation fault.
 > 0xbfbfbf8b in ?? ()
 > (gdb) where
 > #0  0xbfbfbf8b in ?? ()
 > #1  0x806b236 in parse_option_buffer (options=0x80c46c0, 
 >     buffer=0xbfbfc0e0 "5\001\0066\004\006 \020R\016\001\004", length=60, 
 >     universe=0x80c2b20) at options.c:161
 > #2  0x806b0ad in parse_options (packet=0x80c6500) at options.c:81
 > #3  0x806dae6 in do_packet (interface=0x80c6000, packet=0xbfbfbff0, len=300, 
 >     from_port=17152, from={len = 4, 
 >       iabuf = "\n\022M-d\001\fM-PM-?M-?M-<M-OM-?M-?\000\000\000"}, hfrom=0xbfbfd004)
 [previous line passed through "cat -v" because of ASCII characters > 127]
 >     at options.c:1923
 > #4  0x8057adb in got_one (h=0x80c6000) at discover.c:712
 > #5  0x8052c43 in omapi_one_dispatch (wo=0x0, t=0xbfbfd108) at dispatch.c:378
 > #6  0x8056c32 in dispatch () at dispatch.c:94
 > #7  0x8048cde in main (argc=2, argv=0xbfbfd5fc, envp=0xbfbfd608)
 >     at dhclient.c:407
 > #8  0x80481c5 in ___start ()
 > (gdb)