DragonFlyBSD Kernel Audit
← dashboard
DF-0399

rtredirect_oncpu ignores rt_setgate return: routes redirect that failed or self-targets

Summary

rtredirect_oncpu(:421-430) gateway-smash: rt_setgate(rt,rt_key(rt),gateway) return discarded. EADDRNOTAVAIL: rt_setgate already deleted route (rtrequest RTM_DELETE) then rtredirect reports stat=rts_newgateway and sends RTM_CHANGE for removed route -> routing table inconsistency. ENOBUFS: silently swallows alloc failure. Malicious on-link router sends ICMP redirect with gateway==dst. Contrast rtsock.c:933 checks return.