[pkg-dhcp-devel] Bug#694650: Bug#694650: setting "backoff_cutoff 0; " crashes dhclient with div-by-0
Andrew Pollock
apollock at debian.org
Wed Nov 28 20:48:59 UTC 2012
On Wed, Nov 28, 2012 at 08:43:32AM -0800, Kees Cook wrote:
> Package: isc-dhcp
> Version: 4.2.4-3
> Severity: normal
> Tags: patch
> User: ubuntu-devel at lists.ubuntu.com
> Usertags: origin-ubuntu raring
>
> Hi,
>
> If I set "backoff_cutoff 0;", dhclient will crash with a divide-by-zero
> instead of handling the case gracefully.
>
> The attached patch fixes this problem.
Thanks, has this been reported upstream?
> Thanks,
>
> -Kees
>
> --
> Kees Cook @debian.org
> Description: setting "backoff-cutoff 0;" in dhclient.conf will cause
> dhclient to divide by zero and crash. It should be handled more
> gracefully.
> Author: Kees Cook <kees at ubuntu.com>
>
> Index: isc-dhcp-4.2.4/client/dhclient.c
> ===================================================================
> --- isc-dhcp-4.2.4.orig/client/dhclient.c 2012-11-28 08:16:06.000000000 -0800
> +++ isc-dhcp-4.2.4/client/dhclient.c 2012-11-28 08:34:30.051276136 -0800
> @@ -1874,9 +1874,12 @@
> client->interval += random() % (2 * client->interval);
>
> /* Don't backoff past cutoff. */
> - if (client->interval > client->config->backoff_cutoff)
> - client->interval = (client->config->backoff_cutoff / 2)
> - + (random() % client->config->backoff_cutoff);
> + if (client->interval > client->config->backoff_cutoff) {
> + client->interval = (client->config->backoff_cutoff / 2);
> + if (client->config->backoff_cutoff)
> + client->interval += (random() %
> + client->config->backoff_cutoff);
> + }
> } else if (!client->interval)
> client->interval = client->config->initial_interval;
>
> @@ -2119,11 +2122,13 @@
>
> /* Don't backoff past cutoff. */
> if (client -> interval >
> - client -> config -> backoff_cutoff)
> + client -> config -> backoff_cutoff) {
> client -> interval =
> - ((client -> config -> backoff_cutoff / 2)
> - + ((random () >> 2) %
> - client -> config -> backoff_cutoff));
> + (client -> config -> backoff_cutoff / 2);
> + if (client -> config -> backoff_cutoff)
> + client -> interval += ((random () >> 2) %
> + client -> config -> backoff_cutoff);
> + }
>
> /* If the backoff would take us to the expiry time, just set the
> timeout to the expiry time. */
> _______________________________________________
> pkg-dhcp-devel mailing list
> pkg-dhcp-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-dhcp-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-dhcp-devel/attachments/20121128/8956d674/attachment.pgp>
More information about the pkg-dhcp-devel
mailing list