From 1293291ac8c55b70ce4df9249d34ac73e0d27db5 Mon Sep 17 00:00:00 2001 From: nnposter Date: Fri, 4 Dec 2020 00:38:12 +0000 Subject: [PATCH] Skip lease time in DHCP client packets by default The old behavior (of using the default time of 1s) did not allow constructing packets without this option, which in turn resulted in (1) DHCPINFORM packets being non-compliant with RFC 2131 and (2) DHCP discovery scripts potentially receiving non-default IP lease information. Fixes #2197 --- CHANGELOG | 3 +++ nselib/dhcp.lua | 8 +++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index b2c8c8009..9a8dfe06b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -32,6 +32,9 @@ o [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most identities that are syntactically incorrect to be hostnames are now ignored. [Michel Le Bihan, nnposter] +o [NSE][GH#2197] Client packets composed by the DHCP library will now contain + option 51 (IP address lease time) only when requested. [nnposter] + o [NSE][GH#2192] XML decoding in library citrixxml no longer crashes when encountering a character reference with codepoint greater than 255. (These references are now left unmodified.) [nnposter] diff --git a/nselib/dhcp.lua b/nselib/dhcp.lua index ac7949b0d..e1b21d1c3 100644 --- a/nselib/dhcp.lua +++ b/nselib/dhcp.lua @@ -396,7 +396,7 @@ end --@param overrides [optional] A table of overrides. If a field in the table matches a field in the DHCP -- packet (see rfc2131 section 2 for a list of possible fields), the value in the table -- will be sent instead of the default value. ---@param lease_time [optional] The lease time used when requestint an IP. Default: 1 second. +--@param lease_time [optional] The lease time used when requesting an IP. Default: none. --@param transaction_id The identity of the transaction. -- --@return status (true or false) 
@@ -444,7 +444,9 @@ function dhcp_build(request_type, ip_address, mac_address, options, request_opti end packet = packet .. string.pack(">Bs1", 0x37, request_options) -- Request options - packet = packet .. string.pack(">BBI4", 0x33, 4, lease_time or 1) -- Lease time + if lease_time then + packet = packet .. string.pack(">BBI4", 0x33, 4, lease_time) -- Lease time + end packet = packet .. "\xFF" -- Termination @@ -599,7 +601,7 @@ end --@param overrides [optional] A table of overrides. If a field in the table matches a field in the DHCP -- packet (see rfc2131 section 2 for a list of possible fields), the value in the table -- will be sent instead of the default value. ---@param lease_time [optional] The lease time used when requestint an IP. Default: 1 second. +--@param lease_time [optional] The lease time used when requesting an IP. Default: none. --@return status (true or false) --@return The parsed response, as a table. function make_request(target, request_type, ip_address, mac_address, options, request_options, overrides, lease_time)
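Review bot: In the dhcp_build hunk, `lease_time` now goes into `string.pack(">BBI4", 0x33, 4, lease_time)` whenever it is truthy, with no check that it is an integer that fits the 4-byte unsigned option value. As far as I know, `string.pack` raises an error for a negative, fractional or larger-than-0xFFFFFFFF value instead of returning, so a bad caller-supplied value would bypass the `status` return that the function's doc comment describes; whether callers wrap the call is not visible here. A guard placed before the new `if`, such as `if lease_time and (math.type(lease_time) ~= "integer" or lease_time < 0 or lease_time > 0xFFFFFFFF) then return false, "Invalid lease time" end`, would keep that failure on the normal error path. This matters more now that the implicit default is gone and scripts have to pass the value themselves. dhcp_build's body starts and ends outside the hunk.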