DragonFlyBSD Kernel Audit
DF-0134

Missing structural validation in l64_readdisklabel: crafted partition fields accepted without bounds checks

Summary

l64_readdisklabel validates only the magic number, npartitions <= 16, and the CRC (lines 183-187). It does not validate the partition fields p_boffset/p_bsize or the label fields d_bbase/d_pbase/d_pstop against the slice boundaries, and the entire label is then copied blindly to the in-core label (line 193). By contrast, l32_readdisklabel calls l32_fixlabel, which validates each partition against the slice. The downstream dscheck bounds I/O only within the partition, not within the slice. A crafted disk can therefore cause cross-partition I/O, a DoS via an oversized reserved area (EROFS), and a potential offset-overflow panic.
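
The missing structural check, sketched as an added example (not DragonFlyBSD code and not the fix from this audit). struct label64, label64_check and label64_sample are hypothetical, simplified stand-ins that reuse the field names from the summary; the example assumes all offsets are byte offsets from the start of the slice and that the caller passes the slice length in bytes.

```c
#include <stdint.h>
#include <errno.h>

#define MAXPART64 16   /* the npartitions <= 16 limit the finding cites */

/* Simplified stand-in for the 64-bit label, NOT the kernel's struct. */
struct part64 { uint64_t p_boffset, p_bsize; };
struct label64 {
    uint32_t npartitions;
    uint64_t d_bbase, d_pbase, d_pstop;
    struct part64 parts[MAXPART64];
};

/*
 * Assumption: every offset is a byte offset from the start of the slice
 * and slice_size is the slice length in bytes.
 * Returns 0 if the label is structurally sane, EINVAL otherwise.
 */
int label64_check(const struct label64 *lp, uint64_t slice_size)
{
    uint32_t i;

    if (lp->npartitions > MAXPART64)
        return EINVAL;
    /* Reserved areas must be ordered and end inside the slice. */
    if (lp->d_bbase > lp->d_pbase || lp->d_pbase > lp->d_pstop ||
        lp->d_pstop > slice_size)
        return EINVAL;
    for (i = 0; i < lp->npartitions; i++) {
        const struct part64 *pp = &lp->parts[i];

        if (pp->p_bsize == 0)       /* unused entry */
            continue;
        /* Subtract instead of adding so a huge offset cannot wrap. */
        if (pp->p_boffset < lp->d_pbase || pp->p_boffset > lp->d_pstop ||
            pp->p_bsize > lp->d_pstop - pp->p_boffset)
            return EINVAL;
    }
    return 0;
}

/* Constructed sample: 1 GiB slice, 1 MiB reserved, one 512 MiB partition. */
struct label64 label64_sample(void)
{
    struct label64 l = { .npartitions = 1, .d_bbase = 4096,
        .d_pbase = 1 << 20, .d_pstop = 1 << 30 };
    l.parts[0].p_boffset = 1 << 20;
    l.parts[0].p_bsize = 512u << 20;
    return l;
}
```

Running a check of this kind before the label is copied in-core means a partition that passes it cannot extend outside the slice, so a later within-partition bounds check is sufficient.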