git: 4779b16fa61f - main - pf: fix overly large copy in pf_rule_to_krule()
Date: Tue, 04 Jun 2024 17:44:54 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=4779b16fa61f858ad5c449834f550fbd5e162d98
commit 4779b16fa61f858ad5c449834f550fbd5e162d98
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-06-04 12:55:02 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-06-04 17:44:20 +0000
pf: fix overly large copy in pf_rule_to_krule()
The timeout array in struct pf_rule has PFTM_OLD_MAX entries, the one in
struct pf_krule has PFTM_MAX entries (and PFTM_MAX > PFTM_OLD_MAX).
Use the smaller of the sizes when copying.
Reported by: CheriBSD
MFC after: 1 week
Event: Kitchener-Waterloo Hackathon 202406
---
sys/netpfil/pf/pf_ioctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index be5e38664a76..99cb3bd85d57 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1972,7 +1972,8 @@ pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule)
krule->os_fingerprint = rule->os_fingerprint;
krule->rtableid = rule->rtableid;
- bcopy(rule->timeout, krule->timeout, sizeof(krule->timeout));
+ /* pf_rule->timeout is smaller than pf_krule->timeout */
+ bcopy(rule->timeout, krule->timeout, sizeof(rule->timeout));
krule->max_states = rule->max_states;
krule->max_src_nodes = rule->max_src_nodes;
krule->max_src_states = rule->max_src_states;
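Review bot: In the replaced bcopy() line, the length depends on the new comment's claim that pf_rule->timeout is the smaller array, but nothing in the hunk enforces it. The commit message says to use the smaller of the sizes, while the code uses sizeof(rule->timeout) unconditionally. A compile-time check beside the copy, for example _Static_assert(sizeof(rule->timeout) <= sizeof(krule->timeout), "pf_rule timeout larger than pf_krule timeout"), or a MIN() of the two sizes as the length, would keep the copy bounded if either array definition changes later. Separately, the entries of krule->timeout past the end of the source array are no longer written by this line; the visible lines do not show whether krule is zeroed before this function runs, so it is worth confirming that those slots hold defined values before they are read.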