&nbsp;Hi Jiri,<br />
<br />
Thank you for your report. &nbsp;We've looked it over and there does<br />
seem to be a problem in the timer code. &nbsp;We're trying to figure<br />
out how it got triggered and how serious it is. &nbsp;Currently we think<br />
it is most likely a configuration issue and so wouldn't be a good<br />
DOS vector.<br />
<br />
While we look into this we were hoping you might be able to<br />
do some tests and gather some information as well.<br />
<br />
Do you know if John tried this with other versions of the code?<br />
Specifically any of the 4.1x versions?<br />
<br />
Can the test be run with at least two more values for the lease times<br />
instead of &quot;infinite&quot;? &nbsp;The two sets of values that would be interesting<br />
to us are a large number but less than 2^^31 - 1 and a number between<br />
2^^31 and 2^^32 - 1.&nbsp;<br />
<br />
In the pcap you sent us the client is receiving a lease time value of<br />
80000, but I don't see anything in the configuration file that would<br />
lead to that value. &nbsp;Does that value ring any bells for you or John<br />
(perhaps an older config file? or something leftover from the client?)<br />
<br />
While I wouldn't expect it to show much it would be interesting to get<br />
a copy of the lease file to see what the server was trying to record at<br />
the time of failure.<br />
<br />
As normal the fix looks like a good start, we may need to modify it<br />
for other compilers (as I recall that's why we included the &amp; DHCP_SEC_MAX<br />
in the previous patch and after we review it some more.<br />
<br />
<br type="_moz" />