[dhcp] isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)

Jiří Popelka jpopelka at fedoraproject.org
Fri Jul 27 08:17:10 UTC 2012 

commit bd413ec3f9585ff8ccb8a5a66097fab53a8f5fe4
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Fri Jul 27 10:08:44 2012 +0200

    isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)

 dhcp-4.2.4-P1-interval.patch |   25 +++++++++++++++++++++++++
 dhcp.spec                    |    9 ++++++++-
 2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/dhcp-4.2.4-P1-interval.patch b/dhcp-4.2.4-P1-interval.patch
new file mode 100644
index 0000000..e8e89c1
--- /dev/null
+++ b/dhcp-4.2.4-P1-interval.patch
@@ -0,0 +1,25 @@
+diff -up dhcp-4.2.4/common/dispatch.c.foo dhcp-4.2.4/common/dispatch.c
+--- dhcp-4.2.4/common/dispatch.c.foo	2012-07-26 21:31:43.875349675 -0500
++++ dhcp-4.2.4/common/dispatch.c	2012-07-26 21:39:14.961710319 -0500
+@@ -324,7 +324,20 @@ void add_timeout (when, where, what, ref
+ 	q->next  = timeouts;
+ 	timeouts = q;
+ 
+-	isc_interval_set(&interval, sec & DHCP_SEC_MAX, usec * 1000);
++	/* isc_time_nowplusinterval() is not safe with 64-bit time_t and will
++	 * return an error for sufficiently large intervals.  We have to limit
++	 * the interval to INT_MAX or less to ensure the interval doesn't
++	 * overflow 32 bits, since the returned isc_time_t fields are
++	 * 32-bit unsigned ints.
++	 *
++	 * HACK: The 9 is a magic number of seconds, since some time may have
++	 * gone by since the last call to gettimeofday() and the one in
++	 * isc_time_nowplusinterval().
++	 */
++	if (sec > TIME_MAX)
++		sec = TIME_MAX - 9;
++
++	isc_interval_set(&interval, sec, usec * 1000);
+ 	status = isc_time_nowplusinterval(&expires, &interval);
+ 	if (status != ISC_R_SUCCESS) {
+ 		/*
diff --git a/dhcp.spec b/dhcp.spec
index 08ce829..770b673 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -18,7 +18,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.4
-Release:  9.%{patchver}%{?dist}
+Release:  10.%{patchver}%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -75,6 +75,7 @@ Patch40:  dhcp-4.2.4-send_release.patch
 Patch41:  dhcp-4.2.3-P2-rfc5970-dhcpv6-options-for-network-boot.patch
 Patch42:  dhcp-4.2.4-failOverPeer.patch 
 Patch43:  dhcp-4.2.4-P1-dhclient6-leases_semicolon_expected.patch
+Patch44:  dhcp-4.2.4-P1-interval.patch 
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -308,6 +309,9 @@ rm bind/bind.tar.gz
 # Dhclient does not correctly parse zero-length options in dhclient6.leases (#633318)
 %patch43 -p1 -b .dhclient6-leases_semicolon
 
+# isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)
+%patch44 -p1 -b .interval
+
 pushd contrib
 %{__chmod} -x 3.0b1-lease-convert dhclient-tz-exithook.sh ldap/dhcpd-conf-to-ldap
 %{__chmod} -x sethostname.sh solaris.init
@@ -575,6 +579,9 @@ fi
 
 
 %changelog
+* Fri Jul 27 2012 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.4-10.P1
+- isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)
+
 * Fri Jul 27 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 12:4.2.4-9.P1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

More information about the scm-commits mailing list