Bug#694650: [pkg-dhcp-devel] Bug#694650: setting "backoff_cutoff 0; " crashes dhclient with div-by-0

Andrew Pollock Wed, 28 Nov 2012 13:03:12 -0800

On Wed, Nov 28, 2012 at 08:43:32AM -0800, Kees Cook wrote:
> Package: isc-dhcp
> Version: 4.2.4-3
> Severity: normal
> Tags: patch
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu raring
> 
> Hi,
> 
> If I set "backoff_cutoff 0;", dhclient will crash with a divide-by-zero
> instead of handling the case gracefully.
> 
> The attached patch fixes this problem.


Thanks, has this been reported upstream?
 
> Thanks,
> 
> -Kees
> 
> -- 
> Kees Cook                                            @debian.org

> Description: setting "backoff-cutoff 0;" in dhclient.conf will cause
>  dhclient to divide by zero and crash. It should be handled more
>  gracefully.
> Author: Kees Cook <k...@ubuntu.com>
> 
> Index: isc-dhcp-4.2.4/client/dhclient.c
> ===================================================================
> --- isc-dhcp-4.2.4.orig/client/dhclient.c     2012-11-28 08:16:06.000000000 
> -0800
> +++ isc-dhcp-4.2.4/client/dhclient.c  2012-11-28 08:34:30.051276136 -0800
> @@ -1874,9 +1874,12 @@
>                       client->interval += random() % (2 * client->interval);
>  
>               /* Don't backoff past cutoff. */
> -             if (client->interval > client->config->backoff_cutoff)
> -                     client->interval = (client->config->backoff_cutoff / 2)
> -                              + (random() % client->config->backoff_cutoff);
> +             if (client->interval > client->config->backoff_cutoff) {
> +                     client->interval = (client->config->backoff_cutoff / 2);
> +                     if (client->config->backoff_cutoff)
> +                             client->interval += (random() %
> +                                     client->config->backoff_cutoff);
> +             }
>       } else if (!client->interval)
>               client->interval = client->config->initial_interval;
>  
> @@ -2119,11 +2122,13 @@
>  
>       /* Don't backoff past cutoff. */
>       if (client -> interval >
> -         client -> config -> backoff_cutoff)
> +         client -> config -> backoff_cutoff) {
>               client -> interval =
> -                     ((client -> config -> backoff_cutoff / 2)
> -                      + ((random () >> 2) %
> -                                     client -> config -> backoff_cutoff));
> +                     (client -> config -> backoff_cutoff / 2);
> +             if (client -> config -> backoff_cutoff)
> +                     client -> interval += ((random () >> 2) %
> +                             client -> config -> backoff_cutoff);
> +     }
>  
>       /* If the backoff would take us to the expiry time, just set the
>          timeout to the expiry time. */

> _______________________________________________
> pkg-dhcp-devel mailing list
> pkg-dhcp-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-dhcp-devel

signature.asc
Description: Digital signature

Bug#694650: [pkg-dhcp-devel] Bug#694650: setting "backoff_cutoff 0; " crashes dhclient with div-by-0

Reply via email to