Skip lease time in DHCP client packets by default

The old behavior (of using the default time of 1s) did not allow constructing packets without this option, which in turn resulted in (1) DHCPINFORM packets being non-compliant with RFC 2131 and (2) DHCP discovery scripts potentially receiving non-default IP lease information. Fixes #2197
nmap · Dec 4, 2020 · 1293291 · 1293291
1 parent d1b39a6
commit 1293291
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -32,6 +32,9 @@ o [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most
   identities that are syntactically incorrect to be hostnames are now ignored.
   [Michel Le Bihan, nnposter]
 
+o [NSE][GH#2197] Client packets composed by the DHCP library will now contain
+  option 51 (IP address lease time) only when requested. [nnposter]
+
 o [NSE][GH#2192] XML decoding in library citrixxml no longer crashes when
   encountering a character reference with codepoint greater than 255. (These
   references are now left unmodified.) [nnposter]

diff --git a/nselib/dhcp.lua b/nselib/dhcp.lua
@@ -396,7 +396,7 @@ end
 --@param overrides       [optional] A table of overrides. If a field in the table matches a field in the DHCP
 --                       packet (see rfc2131 section 2 for a list of possible fields), the value in the table
 --                       will be sent instead of the default value.
---@param lease_time      [optional] The lease time used when requestint an IP. Default: 1 second.
+--@param lease_time      [optional] The lease time used when requesting an IP. Default: none.
 --@param transaction_id  The identity of the transaction.
 --
 --@return status (true or false)
@@ -444,7 +444,9 @@ function dhcp_build(request_type, ip_address, mac_address, options, request_opti
   end
 
   packet = packet .. string.pack(">Bs1", 0x37, request_options) -- Request options
-  packet = packet .. string.pack(">BBI4", 0x33, 4, lease_time or 1) -- Lease time
+  if lease_time then
+    packet = packet .. string.pack(">BBI4", 0x33, 4, lease_time) -- Lease time
+  end
 
   packet = packet .. "\xFF" -- Termination
 
@@ -599,7 +601,7 @@ end
 --@param overrides       [optional] A table of overrides. If a field in the table matches a field in the DHCP
 --                       packet (see rfc2131 section 2 for a list of possible fields), the value in the table
 --                       will be sent instead of the default value.
---@param lease_time      [optional] The lease time used when requestint an IP. Default: 1 second.
+--@param lease_time      [optional] The lease time used when requesting an IP. Default: none.
 --@return status (true or false)
 --@return The parsed response, as a table.
 function make_request(target, request_type, ip_address, mac_address, options, request_options, overrides, lease_time)