DragonFlyBSD Kernel Audit
← dashboard
DF-0360

nm_dump_buf writes unbounded hex dump into fixed 8 KiB static buffer _dst

Summary

nm_dump_buf(:322-361): when dst=NULL uses static char _dst[8192](:325). Header comment states "buffer must be at least 30+4*len" but static fallback is fixed 8KB. Per-line hexdump loop(:341-355) emits ~71 bytes/iter with no capacity check. Caller passing len>~2040 with dst=NULL overruns .bss. Latent: gated by netmap_verbose debug path. Hardening.