From nobody@FreeBSD.ORG Fri Nov 12 12:30:11 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 6805714D47; Fri, 12 Nov 1999 12:30:11 -0800 (PST)
Message-Id: <19991112203011.6805714D47@hub.freebsd.org>
Date: Fri, 12 Nov 1999 12:30:11 -0800 (PST)
From: mjy@pobox.com
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: dhclient crashes (communicating with bootpd)
X-Send-Pr-Version: www-1.0

>Number:         14850
>Category:       misc
>Synopsis:       dhclient crashes (communicating with bootpd)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 12 12:40:00 PST 1999
>Closed-Date:    Sat Nov 13 18:34:46 PST 1999
>Last-Modified:  Sat Nov 13 18:35:04 PST 1999
>Originator:     Marinos J. Yannikos
>Release:        3.3-RELEASE
>Organization:
>Environment:
FreeBSD devil 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Thu Sep 16 23:40:35 GMT 1999     jkh@highwing.cdrom.com:/usr/src/sys/compile/GENERIC  i386

>Description:
When communicating with a BOOTP server, dhclient fails to configure
the interface (the BOOTP configuration works with Win98 and Linux)
and crashes.

Core dump shows:
(gdb) bt
#0  0x80700ca in memcpy ()
#1  0xbfbfbd0c in ?? ()
#2  0x804aa96 in dhcpack (packet=0xbfbfbd60)
    at /usr/src/sbin/dhclient/../../contrib/isc-dhcp/client/dhclient.c:529
#3  0x804b191 in dhcp (packet=0xbfbfbd60)
    at /usr/src/sbin/dhclient/../../contrib/isc-dhcp/client/dhclient.c:722
#4  0x80562fd in do_packet (interface=0x8095000, packet=0xbfbfc5d8, len=300,
    from_port=17152, from={len = 4,
      iabuf = "\n\000\000\001V\001\000\000\000P\t\b\024ֿ"}, hfrom=0xbfbfd5f0)
    at /usr/src/sbin/dhclient/../../contrib/isc-dhcp/common/options.c:638
#5  0x8051e39 in got_one (l=0x8098070)
    at /usr/src/sbin/dhclient/../../contrib/isc-dhcp/common/dispatch.c:713
#6  0x8051d2e in dispatch ()
    at /usr/src/sbin/dhclient/../../contrib/isc-dhcp/common/dispatch.c:677
#7  0x804a4c7 in main (argc=2, argv=0xbfbfd820, envp=0xbfbfd82c)
    at /usr/src/sbin/dhclient/../../contrib/isc-dhcp/client/dhclient.c:281
#8  0x80480e9 in _start ()

>How-To-Repeat:
Should be deterministic, using BOOTP. Here's my bootptab:

.allhost:hd=/tmp:bf=null:\
    :ds=10.0.0.1:\
    :sm=255.255.255.0:\
    :gw=10.0.0.1:\
    :ts=128.130.2.3:\
    :lp=10.0.0.1:\
    :to=0:

devil:ht=1:ha=00409501B465:ip=10.0.0.4:tc=.allhost:

>Fix:
Contributed code, so ask the ISC to fix it. Seems like the lease time isn't
being used for BOOTP, but the dhclient crashes trying to use it.

>Release-Note:
>Audit-Trail:

From: "Marinos J. Yannikos" <mjy@pobox.com>
To: freebsd-gnats-submit@freebsd.org, mjy@pobox.com
Cc:  
Subject: Re: misc/14850: dhclient crashes (communicating with bootpd)
Date: Fri, 12 Nov 1999 22:19:04 +0100

 FIX:
 
 Change the following in /usr/src/contrib/isc-dhcp/client/dhclient.c
 It should not affect anything else; it only adds an additional check
 for the case where there is no lease time.
 
 ----------------------------------- cut here -------------------------------
 *** dhclient.c  Fri Nov 12 22:22:57 1999
 --- /tmp/dhclient.c     Fri Nov 12 21:40:27 1999
 ***************
 *** 526,534 ****
         cancel_timeout (send_request, ip);
   
         /* Figure out the lease time. */
 !       ip -> client -> new -> expiry =
                 getULong (ip -> client ->
                           new -> options [DHO_DHCP_LEASE_TIME].data);
         /* A number that looks negative here is really just very large,
            because the lease expiry offset is unsigned. */
         if (ip -> client -> new -> expiry < 0)
 --- 526,538 ----
         cancel_timeout (send_request, ip);
   
         /* Figure out the lease time. */
 !       if (ip -> client -> new -> options [DHO_DHCP_LEASE_TIME].len > 0)
 !       {
 !               ip -> client -> new -> expiry =
                 getULong (ip -> client ->
                           new -> options [DHO_DHCP_LEASE_TIME].data);
 +       }
 +       else ip -> client -> new -> expiry = TIME_MAX;
         /* A number that looks negative here is really just very large,
            because the lease expiry offset is unsigned. */
         if (ip -> client -> new -> expiry < 0)
 ----------------------------------- cut here -------------------------------
 
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Sat Nov 13 18:34:46 PST 1999 
State-Changed-Why:  
Dupclicate of ports/14851. 
>Unformatted:
