git: 48bb8ea97e22 - stable/12 - pf: fix pf_nv##_array() size check

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 21 Jun 2023 14:33:21 UTC
The branch stable/12 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=48bb8ea97e22ebfdd7acf5ce95d82ccc38a800e4

commit 48bb8ea97e22ebfdd7acf5ce95d82ccc38a800e4
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-05-15 17:40:32 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-06-21 14:29:18 +0000

    pf: fix pf_nv##_array() size check
    
    We want to set the maximum number of elements we'll accept, not the
    exact number we need.
    
    MFC after:      3 weeks
    Sponsored by:   Orange Business Services
    
    (cherry picked from commit 76c8f202a4f6a3190e102a0bc1589bbfc179abf6)
---
 sys/netpfil/pf/pf_nv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netpfil/pf/pf_nv.c b/sys/netpfil/pf/pf_nv.c
index e2af55af86e5..11f99ce23fac 100644
--- a/sys/netpfil/pf/pf_nv.c
+++ b/sys/netpfil/pf/pf_nv.c
@@ -77,7 +77,7 @@ __FBSDID("$FreeBSD$");
 		if (! nvlist_exists_number_array(nvl, name))			\
 			return (EINVAL);					\
 		n = nvlist_get_number_array(nvl, name, &nitems);		\
-		if (nitems != maxelems)						\
+		if (nitems > maxelems)						\
 			return (E2BIG);						\
 		if (nelems != NULL)						\
 			*nelems = nitems;					\