From 228ae54114e1efbe82686090bed9d2c8071ecea0 Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Fri, 27 Oct 2023 14:13:57 +0200 Subject: [PATCH] libpfctl: be more tolerant of kernel extensions Allow the kernel to supply more array elements than expected, but cut off when we hit what we think the maximum is. This will improve forward compatibility (i.e. old userspace with newer kernel). Reviewed by: zlei MFC after: 1 week Sponsored by: Orange Business Services Differential Revision: https://reviews.freebsd.org/D42392 (cherry picked from commit 2b1eb63fc9c6d6f64baaac59b7ea7c2a3228c03f) --- lib/libpfctl/libpfctl.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 403dbf809b8..03907698e7d 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -145,9 +145,8 @@ pf_nvuint_32_array(const nvlist_t *nvl, const char *name, size_t maxelems, size_t elems; tmp = nvlist_get_number_array(nvl, name, &elems); - assert(elems <= maxelems); - for (size_t i = 0; i < elems; i++) + for (size_t i = 0; i < elems && i < maxelems; i++) numbers[i] = tmp[i]; if (nelems)