From: John Levon
To: Jiri Popelka
CC: dhcp-bugs@isc.org
Subject: Re: [ISC-Bugs #28038] Bug in timer code using infinite lease time on 64 bit system
Date: Thu, 23 Feb 2012 11:51:49 +0000

On Thu, Feb 23, 2012 at 12:40:23PM +0100, Jiri Popelka wrote:

> On 02/22/2012 08:32 PM, Shawn Routhier wrote:
> >Thank you for your report. We've looked it over and there does
> >seem to be a problem in the timer code. We're trying to figure
> >out how it got triggered and how serious it is. Currently we think
> >it is most likely a configuration issue and so wouldn't be a good
> >DOS vector.
> >
> Yes, nor I've thought it's a security problem since I managed to
> reproduce it.

What kind of configuration issue? Is there something "wrong" in my dhcpd.conf?

> >While we look into this we were hoping you might be able to
> >do some tests and gather some information as well.
> >
> >Do you know if John tried this with other versions of the code?
> >Specifically any of the 4.1x versions?
> >
> I'll ask but I don't think so as we haven't 4.1 in any supported Fedora
> version and
> he wrote that he was using dnsmasq as a workaround.
> But I tried to reproduce it with dhcp-4.1.1-P1 and it seems OK
> (well, it should be as the problematic code was added in 4.2.0).

No, the last working version I tried was whatever was in Fedora 15.

> >In the pcap you sent us the client is receiving a lease time value of
> >80000, but I don't see anything in the configuration file that would
> >lead to that value. Does that value ring any bells for you or John
> >(perhaps an older config file? or something leftover from the client?)
> >
> Yes, I had noted that too but forgot to ask John. I'll do that.

I'd experimented with other lease times, so at the time I was using:

    default-lease-time 80000;
    max-lease-time 80000;

The bug was still present.

> >While I wouldn't expect it to show much it would be interesting to get
> >a copy of the lease file to see what the server was trying to record at
> >the time of failure.
> I'm attaching mine and will ask John for his.

I'll have to get back to you if you still need it.

regards
john