DragonFlyBSD Kernel Audit
← dashboard
DF-0312

Unchecked ifindex2ifnet[] indexing from embedded address scope-id on loopback output

Summary

Loopback branch(:577,:579) ifindex2ifnet[ntohs(s6_addr16[1])] with no bounds check. Contrast IPV6_PKTINFO path validates against if_index(:2628-2631). Crafted raw socket with bogus zone id -> OOB read of ifindex2ifnet table. Kernel address selection normally prevents.