DragonFlyBSD Kernel Audit
← dashboard
DF-0446

SIOCSIFMTU missing lower-bound validation: ifr_mtu=0 or negative accepted, corrupts downstream MSS/fragmentation math

Summary

SIOCSIFMTU(:715-724): only checks ifr_mtu>ETHERMTU(1500). Accepts 0 and negatives (ifr_mtu is int). MTU=0 propagates into TCP MSS computation (MSS=mtu-hdr_len -> negative), route MTU discovery, fragmentation. Unpredictable downstream behavior. Privileged (SIOCSIFMTU root-gated). Fix: add lower bound ifr_mtu<ETHERMIN.