DragonFlyBSD Kernel Audit
← dashboard
DF-0455

MCC multi-byte length decode reverses octet ordering: interoperability bug for MCC frames >= 128 bytes

Summary

MCC length decode(:1027-1039): len=(len<<7)|(b>>1)(:1037) places FIRST octet in HIGH bits, LAST in LOW — reverse of TS 07.10 spec (first=bits 0-6). Frame-length decode in same file(:642,:656) is correct LSB-first. Send path(:1660-1668) encodes correctly — encode/decode inconsistent. Only manifests for MCC len>=128 (TEST echo). len!=pkthdr.len check(:1041) usually catches misparse, drops frame. Remote DoS limited to dropping large TEST.