The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=c2e7cbe0edb5d3f834aba93311ba8ed027e5dd40
commit c2e7cbe0edb5d3f834aba93311ba8ed027e5dd40 Author: Kristof Provost <[email protected]> AuthorDate: 2023-10-23 11:46:11 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2023-10-31 08:11:36 +0000 libpfctl: fix Coverity issues - handle snl_finalize_msg() returning NULL - insert the correct data into the states list - add missing nvlist_destroy() - incorrect order for array bounds Coverity: 1522929, 1522925, 1522923, 1522921, 1522780, 1522770, 1522764, 1487785, 1471250 Reviewed by: emaste MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D42330 (cherry picked from commit 4abc3b482e0d246cd3518622223795c8de102130) --- lib/libpfctl/libpfctl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index c9a5190d790c..e0fc90960d7c 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -636,9 +636,9 @@ pfctl_add_rule(int dev, const struct pfctl_rule *r, const char *anchor, pfctl_nv_add_rule_addr(nvlr, "dst", &r->dst); labelcount = 0; - while (r->label[labelcount][0] != 0 && - labelcount < PF_RULE_MAX_LABEL_COUNT) { - nvlist_append_string_array(nvlr, "labels", + while (labelcount < PF_RULE_MAX_LABEL_COUNT && + r->label[labelcount][0] != 0) { + nvlist_append_string_array(nvl, "labels", r->label[labelcount]); labelcount++; }
