git: c17db80ddd57 - stable/13 - libpfctl: be more tolerant of kernel extensions
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 07 Nov 2023 15:47:25 UTC
The branch stable/13 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=c17db80ddd5743dce59552dba4bd7c243b748a6c
commit c17db80ddd5743dce59552dba4bd7c243b748a6c
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-10-27 12:13:57 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-11-07 15:25:02 +0000
libpfctl: be more tolerant of kernel extensions
Allow the kernel to supply more array elements than expected, but cut
off when we hit what we think the maximum is. This will improve forward
compatibility (i.e. old userspace with newer kernel).
Reviewed by: zlei
MFC after: 1 week
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D42392
(cherry picked from commit 2b1eb63fc9c6d6f64baaac59b7ea7c2a3228c03f)
---
lib/libpfctl/libpfctl.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 2a77aeb0efad..bf25a45b792f 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -145,9 +145,8 @@ pf_nvuint_32_array(const nvlist_t *nvl, const char *name, size_t maxelems,
size_t elems;
tmp = nvlist_get_number_array(nvl, name, &elems);
- assert(elems <= maxelems);
- for (size_t i = 0; i < elems; i++)
+ for (size_t i = 0; i < elems && i < maxelems; i++)
numbers[i] = tmp[i];
if (nelems)