DragonFlyBSD Kernel Audit
DF-0392

Fragment overlap trim uses non-8-aligned shifts for last-fragment overlaps: inconsistent reassembly metadata

Summary

The overlap trim in pf_reassemble (:412-413, :434-436) updates ip_off by (precut>>3) and (aftercut>>3). Non-final fragments are guaranteed to be 8-byte aligned (checked at :943), but the ip_len of the LAST fragment (MF=0) need not be 8-aligned, so precut/aftercut can be non-aligned. In that case the >>3 truncates and produces an incorrect ip_off that is inconsistent with the actual m_adj byte trim. The impact is subtle payload corruption or a normalization bypass. This is not a memory-safety issue: all lengths are bounded by the IP_MAXPACKET checks.
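
The mismatch described above, as a simplified model added here for illustration; it is not pf code. The frag struct, trim_front and misplaced_after_trim are hypothetical names, the pointer advance stands in for m_adj, and the 40-byte payload is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a queued fragment; not the pf structures. */
struct frag {
    uint16_t off_units;   /* fragment offset field, 8-byte units */
    uint16_t len;         /* payload bytes still held */
    const uint8_t *data;  /* first payload byte still held */
};

/* Front trim as the finding describes it: the byte trim is exact,
 * the offset field advances by cut >> 3 (truncating). */
static void trim_front(struct frag *f, uint16_t cut)
{
    f->data += cut;            /* stands in for m_adj(m, cut) */
    f->len -= cut;
    f->off_units += cut >> 3;
}

enum { BASE_UNITS = 2, PAYLOAD = 40, STREAM = 64 };

/* Constructed case: a 40-byte payload (byte i holds value i) queued at
 * unit 2 is trimmed by `cut` (< 40), then copied to where its offset
 * field points. Returns how many surviving bytes sit at the wrong place. */
int misplaced_after_trim(uint16_t cut)
{
    uint8_t payload[PAYLOAD], stream[STREAM];
    int base = BASE_UNITS * 8, bad = 0;

    for (int i = 0; i < PAYLOAD; i++)
        payload[i] = (uint8_t)i;
    memset(stream, 0xFF, sizeof(stream));

    struct frag f = { BASE_UNITS, PAYLOAD, payload };
    trim_front(&f, cut);
    memcpy(stream + f.off_units * 8, f.data, f.len);

    /* Byte i of the payload belongs at stream position base + i. */
    for (int i = cut; i < PAYLOAD; i++)
        bad += (stream[base + i] != payload[i]);
    return bad;
}

int main(void)
{
    for (uint16_t cut = 8; cut <= 16; cut += 4)
        printf("cut=%u misplaced=%d\n", (unsigned)cut, misplaced_after_trim(cut));
    return 0;
}
```

With an 8-aligned cut every surviving byte lands where it belongs; with a non-aligned cut the offset field lags the byte trim by cut & 7, so every surviving byte is shifted.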