From 76c8f202a4f6a3190e102a0bc1589bbfc179abf6 Mon Sep 17 00:00:00 2001
From: Kristof Provost <kp@FreeBSD.org>
Date: Mon, 15 May 2023 19:40:32 +0200
Subject: [PATCH] pf: fix pf_nv##_array() size check

We want to set the maximum number of elements we'll accept, not the
exact number we need.

MFC after:	3 weeks
Sponsored by:	Orange Business Services
---
 sys/netpfil/pf/pf_nv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netpfil/pf/pf_nv.c b/sys/netpfil/pf/pf_nv.c
index 2e813bc49f9..aefd0268dde 100644
--- a/sys/netpfil/pf/pf_nv.c
+++ b/sys/netpfil/pf/pf_nv.c
@@ -77,7 +77,7 @@ __FBSDID("$FreeBSD$");
 		if (! nvlist_exists_number_array(nvl, name))			\
 			return (EINVAL);					\
 		n = nvlist_get_number_array(nvl, name, &nitems);		\
-		if (nitems != maxelems)						\
+		if (nitems > maxelems)						\
 			return (E2BIG);						\
 		if (nelems != NULL)						\
 			*nelems = nitems;					\