DragonFlyBSD Kernel Audit
← dashboard
DF-0151

Fixed-size reads in preload_modinfo_value ignore field length

Summary

preload_modinfo_value receives len but never uses it. MODINFO_SIZE derefs *(u_long*)(8 bytes), MODINFO_ADDR *(vm_offset_t*)(8 bytes) regardless of len. If len<read width, reads past field into adjacent metadata. Reachable via debug.dump_modinfo sysctl (CTLFLAG_RD, unpriv).