[pkg-dhcp-devel] Bug#694650: Bug#694650: setting "backoff_cutoff 0; " crashes dhclient with div-by-0

Andrew Pollock apollock at debian.org
Wed Nov 28 20:48:59 UTC 2012 

On Wed, Nov 28, 2012 at 08:43:32AM -0800, Kees Cook wrote:
> Package: isc-dhcp
> Version: 4.2.4-3
> Severity: normal
> Tags: patch
> User: ubuntu-devel at lists.ubuntu.com
> Usertags: origin-ubuntu raring
> 
> Hi,
> 
> If I set "backoff_cutoff 0;", dhclient will crash with a divide-by-zero
> instead of handling the case gracefully.
> 
> The attached patch fixes this problem.

Thanks, has this been reported upstream?
 
> Thanks,
> 
> -Kees
> 
> -- 
> Kees Cook                                            @debian.org

> Description: setting "backoff-cutoff 0;" in dhclient.conf will cause
>  dhclient to divide by zero and crash. It should be handled more
>  gracefully.
> Author: Kees Cook <kees at ubuntu.com>
> 
> Index: isc-dhcp-4.2.4/client/dhclient.c
> ===================================================================
> --- isc-dhcp-4.2.4.orig/client/dhclient.c	2012-11-28 08:16:06.000000000 -0800
> +++ isc-dhcp-4.2.4/client/dhclient.c	2012-11-28 08:34:30.051276136 -0800
> @@ -1874,9 +1874,12 @@
>  			client->interval += random() % (2 * client->interval);
>  
>  		/* Don't backoff past cutoff. */
> -		if (client->interval > client->config->backoff_cutoff)
> -			client->interval = (client->config->backoff_cutoff / 2)
> -				 + (random() % client->config->backoff_cutoff);
> +		if (client->interval > client->config->backoff_cutoff) {
> +			client->interval = (client->config->backoff_cutoff / 2);
> +			if (client->config->backoff_cutoff)
> +				client->interval += (random() %
> +					client->config->backoff_cutoff);
> +		}
>  	} else if (!client->interval)
>  		client->interval = client->config->initial_interval;
>  
> @@ -2119,11 +2122,13 @@
>  
>  	/* Don't backoff past cutoff. */
>  	if (client -> interval >
> -	    client -> config -> backoff_cutoff)
> +	    client -> config -> backoff_cutoff) {
>  		client -> interval =
> -			((client -> config -> backoff_cutoff / 2)
> -			 + ((random () >> 2) %
> -					client -> config -> backoff_cutoff));
> +			(client -> config -> backoff_cutoff / 2);
> +		if (client -> config -> backoff_cutoff)
> +			client -> interval += ((random () >> 2) %
> +				client -> config -> backoff_cutoff);
> +	}
>  
>  	/* If the backoff would take us to the expiry time, just set the
>  	   timeout to the expiry time. */

> _______________________________________________
> pkg-dhcp-devel mailing list
> pkg-dhcp-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-dhcp-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-dhcp-devel/attachments/20121128/8956d674/attachment.pgp>

More information about the pkg-dhcp-devel mailing list