dhcp-client: Don't report long time to expiration after lease expires.

There is a race between time advancing past the lease expiration time
and actually transitioning to the expired state.  Fix this race.

Found by Chris Eagle via Fortify.

diff --git a/lib/dhcp-client.c b/lib/dhcp-client.c
index 919bc31dbfe0237d2c6eb47bc927d6afd9d26d2b..4c12b4eb43e0b4917f5a2cf27196d36adabc2629 100644 (file)
--- a/lib/dhcp-client.c
+++ b/lib/dhcp-client.c
@@ -356,7 +356,12 @@ dhclient_get_state_elapsed(const struct dhclient *cli)
 unsigned int
 dhclient_get_lease_remaining(const struct dhclient *cli)
 {
-    return dhclient_is_bound(cli) ? cli->lease_expiration - time_now() : 0;
+    if (dhclient_is_bound(cli)) {
+        time_t now = time_now();
+        return cli->lease_expiration > now ? cli->lease_expiration - now : 0;
+    } else {
+        return 0;
+    }
 }
 
 /* If 'cli' is bound to an IP address, returns that IP address; otherwise,