DragonFlyBSD Kernel Audit
← dashboard
DF-0405

Missing null-termination of bdg_basename when namelen==IFNAMSIZ: OOB read in debug format strings

Summary

nm_find_bridge(:331-352): namelen capped to IFNAMSIZ(16), strncpy(bdg_basename,name,namelen) into bdg_basename[16] with no guaranteed NUL when namelen==16. D() %s format reads past array. Debug-only. Defense-in-depth.