DragonFlyBSD Kernel Audit
← dashboard
DF-0448

Safety-critical checks rely on KASSERT/KKASSERT which are no-ops on production kernels without INVARIANTS

Summary

KASSERT/KKASSERT no-op without INVARIANTS (systm.h:117-119). Safety-critical guards in this file: KASSERT(m_len>=ETHER_HDR_LEN)(:993) prevents OOB ether_header read in ether_demux; KKASSERT(mtag!=NULL)(:1003) before m_tag_data NULL deref; KKASSERT(ether_type!=VLAN)(:1370) recursion guard; KKASSERT(M_HASH)(:1452) before hashcpu. Production kernels: all become no-ops. Buggy driver short mbuf or refcount race -> exploitable OOB/NULL-deref instead of controlled panic.