DragonFlyBSD Kernel Audit
← dashboard
DF-0551

MTU unsigned underflow when parent MTU < EVL_ENCAPLEN(4)

Summary

vlan_config_dispatch else-branch(:727-730): ifp->if_mtu=ifp_p->if_data.ifi_mtu-EVL_ENCAPLEN. ifi_mtu is u_long(unsigned). If parent MTU<4 (software/tunnel pseudo-iface) and no IFCAP_VLAN_MTU -> subtraction wraps to ~ULONG_MAX. Published via ifp->if_mtu consumed by upper-layer size checks. DoS via oversized frames/assertion failures. Requires privileged parent MTU config. Fix: if(parent_mtu>EVL_ENCAPLEN) subtract else EINVAL.