git: 275078f17251 - stable/14 - libpfctl: fix Coverity issues

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 01 Nov 2023 09:06:07 UTC
The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=275078f1725179371dd53c7abac1850b98dac1a0

commit 275078f1725179371dd53c7abac1850b98dac1a0
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-10-23 11:46:11 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-11-01 09:05:49 +0000

    libpfctl: fix Coverity issues
    
     - handle snl_finalize_msg() returning NULL
     - insert the correct data into the states list
     - add missing nvlist_destroy()
     - incorrect order for array bounds
    
    Coverity:       1522929, 1522925, 1522923, 1522921, 1522780, 1522770, 1522764, 1487785, 1471250
    Reviewed by:    emaste
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D42330
    
    (cherry picked from commit 4abc3b482e0d246cd3518622223795c8de102130)
---
 lib/libpfctl/libpfctl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index d5347a7f8a84..2bdc14e8868a 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -758,6 +758,8 @@ pfctl_get_eth_ruleset(int dev, const char *path, int nr,
 	strlcpy(ri->name, nvlist_get_string(nvl, "name"),
 	    PF_ANCHOR_NAME_SIZE);
 
+	nvlist_destroy(nvl);
+
 	return (0);
 }
 
@@ -856,8 +858,8 @@ pfctl_add_eth_rule(int dev, const struct pfctl_eth_rule *r, const char *anchor,
 	pfctl_nv_add_rule_addr(nvl, "ipdst", &r->ipdst);
 
 	labelcount = 0;
-	while (r->label[labelcount][0] != 0 &&
-	    labelcount < PF_RULE_MAX_LABEL_COUNT) {
+	while (labelcount < PF_RULE_MAX_LABEL_COUNT &&
+	    r->label[labelcount][0] != 0) {
 		nvlist_append_string_array(nvl, "labels",
 		    r->label[labelcount]);
 		labelcount++;