DragonFlyBSD Kernel Audit
← dashboard
DF-0334

Divide-by-zero panic in ephemeral port allocation on degenerate sysctl port range

Summary

in_pcbbind_remote(:884) count=last-first; karc4random()%count. in_pcbsetlport(:428) lport=last-first; cut%lport. If port range collapses first==last (sysctl_net_ipport_check RANGECHK allows): count=0 -> div-by-zero panic. Root sets degenerate range; unpriv connect()/bind() triggers. sysctl accepts silently.