DragonFlyBSD Kernel Audit
← dashboard
DF-0335

in_pcbportrange can invert hi<lo causing u_short underflow and out-of-range port binds

Summary

in_pcbportrange(:2533-2555) computes hi/lo in int then writes u_short. Narrow range+step can invert hi<lo. in_pcbsetlport lport=last-first in u_short underflows. KKASSERT(last>=first) covers pre-adjusted first0/last0 only. Out-of-range ephemeral port assignment. Root-gated precondition.