2015-10-07 07:33:12 UTC
This is the current code of get_lease in the client.c file:
lease_seconds = get_be32(option);
/* paranoia: must not be prone to overflows */
lease_seconds &= 0x0fffffff;
If the first 28 bits are a small number (but lease_seconds is larger than
0xfffffff), this would make lease_seconds a very low value and we will be
renewing when we should not.
Even if it is a very big number, the above arithmetic is probably not
correct. Is the intention really to take the first 28 bits, or to ensure that
if it is greater than a certain value it is capped to that value?
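
The difference between masking and capping, as an added example that is not part of the original report or of the project's code. The get_be32 here is a stand-in for the helper of that name, lease_masked and lease_clamped are hypothetical names, and the option payloads are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

#define LEASE_CAP 0x0fffffffu   /* same bound as the mask in the quoted code */

/* Stand-in for the get_be32() helper: read a big-endian 32-bit value. */
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Behaviour of the quoted code: the top 4 bits are simply discarded. */
static uint32_t lease_masked(const uint8_t *option)
{
    return get_be32(option) & LEASE_CAP;
}

/* The alternative the report asks about: saturate at the cap instead. */
static uint32_t lease_clamped(const uint8_t *option)
{
    uint32_t v = get_be32(option);
    return v > LEASE_CAP ? LEASE_CAP : v;
}

/* Constructed lease-time option payloads (4 bytes, network byte order). */
static const uint8_t lease_1h[4]       = {0x00, 0x00, 0x0e, 0x10}; /* 3600 s */
static const uint8_t lease_wrap[4]     = {0x10, 0x00, 0x00, 0x05}; /* cap + 6 */
static const uint8_t lease_zero[4]     = {0x10, 0x00, 0x00, 0x00}; /* cap + 1 */
static const uint8_t lease_infinite[4] = {0xff, 0xff, 0xff, 0xff}; /* RFC 2131 infinity */

int main(void)
{
    const uint8_t *samples[] = { lease_1h, lease_wrap, lease_zero, lease_infinite };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        /* A long lease on the wire must never turn into a short one locally. */
        printf("wire=0x%08x masked=%u clamped=%u\n",
               (unsigned)get_be32(samples[i]),
               (unsigned)lease_masked(samples[i]),
               (unsigned)lease_clamped(samples[i]));
    }
    return 0;
}
```

Values at or below the cap, and the all-ones value, come out the same either way; only values above the cap with small low-order bits collapse to a short or zero lease under the mask.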