Subject: bin/19838: dhclient dumps core if server sends renewal time of 0xffffffff
To: None <gnats-bugs@gnats.netbsd.org>
From: Laine Stump <lainestump@rcn.com>
List: netbsd-bugs
Date: 01/13/2003 16:49:07
>Number:         19838
>Category:       bin
>Synopsis:       dhclient dumps core if server sends renewal time of 0xffffffff
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 13 06:50:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Laine Stump
>Release:        NetBSD 1.6K as of 2002-01-13
>Organization:
V-One Corporation
>Environment:
System: NetBSD idris.laine.org 1.6K NetBSD 1.6K (SV24) #4: Wed Jan 1 19:29:45 EET 2003 laine@idris.laine.org:/usr/src/sys/arch/i386/compile/SV24 i386
Architecture: i386
Machine: i386
>Description:

My ISP recently changed their DHCP server to send "extremely long"
lease (option 51) and renewal (option 58) times, i.e. they now send
0xffffffff for both values. When dhclient gets a DHCPOFFER with
0xffffffff for the renewal time, it dumps core with an FP exception on
line 791 of dhclient.c.

>How-To-Repeat:

Configure a DHCP server to send 0xFFFFFFFF for renewal time (the lease
time option doesn't seem to matter), then have a dhclient get a lease
from that server.

>Fix:

This did it for me. Once renewal is set to 0, it gets set to ~
expiry/2 by code further down.

Obviously this should be fed back into the original source as well as
NetBSD's copy.

Index: dhclient.c
===================================================================
RCS file: /cvsroot/src/dist/dhcp/client/dhclient.c,v
retrieving revision 1.7
diff -r1.7 dhclient.c
777c777
<               if (ds.len > 3)
---
>               if (ds.len > 3) {
779c779,781
<               else
---
>                       if (client -> new -> renewal < 0)
>                               client -> new -> renewal = 0;
>               } else
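Review bot: the `client -> new -> renewal < 0` test added at 779 only catches 0xffffffff if `renewal` is a signed field no wider than 32 bits; its type is not visible in this diff, and with a wider or unsigned field the value stays a large positive number and the clamp never runs. Checking the received 32-bit value before it is stored (for instance rejecting anything above 0x7fffffff, or anything larger than the lease time) would not depend on the field's type. The reset to 0 also relies on code outside this hunk to substitute expiry/2, so a short comment here saying that 0 means "derive from expiry" would help the next reader. The report states the server sends 0xffffffff for the lease time (option 51) as well, and nothing in this change covers that value.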
>Release-Note:
>Audit-Trail:
>Unformatted:
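
An added example, not part of the original report or of dhclient's source: a small C model of the case described above, where option 58 arrives as 0xffffffff. It assumes the renewal field is a signed 32-bit value (which the patch's `< 0` test implies) and models the fallback as exactly expiry / 2; the function names and the sample option buffer are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef int32_t lease_time_t;   /* assumption: signed 32-bit time field */
/* Walk a DHCP code/length/value option buffer and fetch a 4-byte
   big-endian option. Returns 1 on success, 0 if absent or malformed. */
static int get_u32_option(const uint8_t *buf, size_t len, uint8_t code, uint32_t *out)
{
    size_t i = 0;
    while (i < len && buf[i] != 255) {          /* 255 = end option */
        if (buf[i] == 0) { i++; continue; }     /* 0 = pad, no length byte */
        if (i + 2 > len || i + 2 + buf[i + 1] > len) return 0;  /* truncated */
        if (buf[i] == code) {
            const uint8_t *p = buf + i + 2;
            if (buf[i + 1] < 4) return 0;       /* same idea as ds.len > 3 */
            *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                   ((uint32_t)p[2] << 8) | (uint32_t)p[3];
            return 1;
        }
        i += 2 + (size_t)buf[i + 1];
    }
    return 0;
}

/* Before the fix: the wire value lands in the signed field unchanged,
   so 0xffffffff reads back as -1 on two's-complement targets. */
static lease_time_t renewal_unpatched(uint32_t raw) { return (lease_time_t)raw; }

/* After the fix: negative is reset to 0, then 0 falls back to expiry / 2
   (the report says "~ expiry/2"; the exact fallback is assumed here). */
static lease_time_t renewal_patched(uint32_t raw, lease_time_t expiry)
{
    lease_time_t renewal = (lease_time_t)raw;
    if (renewal < 0) renewal = 0;
    return renewal == 0 ? expiry / 2 : renewal;
}

/* Constructed sample: lease time 86400 s, renewal 0xffffffff, end. */
static const uint8_t sample_opts[] = { 51, 4, 0x00, 0x01, 0x51, 0x80,
                                       58, 4, 0xff, 0xff, 0xff, 0xff, 255 };

int main(void)
{
    uint32_t lease = 0, renew = 0;
    get_u32_option(sample_opts, sizeof sample_opts, 51, &lease);
    get_u32_option(sample_opts, sizeof sample_opts, 58, &renew);
    printf("unpatched=%d patched=%d\n", (int)renewal_unpatched(renew),
           (int)renewal_patched(renew, (lease_time_t)lease));
    return 0;
}
```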