git: 2b1eb63fc9c6 - main - libpfctl: be more tolerant of kernel extensions

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 31 Oct 2023 15:03:38 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=2b1eb63fc9c6d6f64baaac59b7ea7c2a3228c03f

commit 2b1eb63fc9c6d6f64baaac59b7ea7c2a3228c03f
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-10-27 12:13:57 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-10-31 15:03:22 +0000

    libpfctl: be more tolerant of kernel extensions
    
    Allow the kernel to supply more array elements than expected, but cut
    off when we hit what we think the maximum is. This will improve forward
    compatibility (i.e. old userspace with newer kernel).
    
    Reviewed by:    zlei
    MFC after:      1 week
    Sponsored by:   Orange Business Services
    Differential Revision:  https://reviews.freebsd.org/D42392
---
 lib/libpfctl/libpfctl.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 1c8873dd6429..1554b81acf59 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -152,9 +152,8 @@ pf_nvuint_32_array(const nvlist_t *nvl, const char *name, size_t maxelems,
 	size_t elems;
 
 	tmp = nvlist_get_number_array(nvl, name, &elems);
-	assert(elems <= maxelems);
 
-	for (size_t i = 0; i < elems; i++)
+	for (size_t i = 0; i < elems && i < maxelems; i++)
 		numbers[i] = tmp[i];
 
 	if (nelems)