DF-0562
STEPBY unsigned underflow via missing minimum length check (LMI_MIN_LENGTH defined never used) — ng7 twin of DF-0554
Summary
ng7 twin of DF-0554. LMI_MIN_LENGTH=8 defined(:88) never used. nglmi_checkdata reads fixed header bytes sequentially STEPBY(1)(:757/:783/:791/:806) without verifying packetlen>=1. packetlen u_short(:741). Short frame -> STEPBY underflows 0->0xFFFF -> IE loop while(packetlen>=2) iterates with huge packetlen -> data advances past mbuf into adjacent kernel heap. Hex-dump logging(:992-1046) exposes heap. Panics crossing unmapped page. Reliability depends on residual mbuf bytes matching expected values (0x03/0x7D/0x95). Fix: if(m_len<LMI_MIN_LENGTH) goto drop + packetlen>=1 guard before each STEPBY.