The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=168d873ae41fd8bd40555322a79c9f215cb4cb9c

commit 168d873ae41fd8bd40555322a79c9f215cb4cb9c
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-04-14 16:41:00 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-04-15 05:39:35 +0000

    pfctl: fix crash on "pfctl -a '*' -vvsr"
    
    When printing a nat anchor we don't have rule information, or rule
    counters. Do not attempt to print them. The information is nonsensical
    anyway, and this can cause a crash converting the timestamp to a string,
    as years in the very distant future use more digits, and we exceed the
    30 byte buffer allocated for this.
    
    MFC after:      2 weeks
    Sponsored by:   Orange Business Services
---
 sbin/pfctl/pfctl.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 1c5b7f5e1fc0..b4318159b4ec 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1490,7 +1490,6 @@ pfctl_show_nat(int dev, const char *path, int opts, char 
*anchorname, int depth,
                                errc(1, ret, "DIOCGETRULESETS");
                }
 
-               pfctl_print_rule_counters(&rule, opts);
                for (nr = 0; nr < mnr; ++nr) {
                        if ((ret = pfctl_get_ruleset(pfh, npath, nr, &prs)) != 
0)
                                errc(1, ret, "DIOCGETRULESET");
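
Review bot: Dropping the pfctl_print_rule_counters(&rule, opts) call in pfctl_show_nat() fixes this call path, but the commit message locates the crash in the timestamp-to-string conversion overflowing its 30 byte buffer, and that conversion is not touched here. Consider also range-checking or bounding the timestamp where it is formatted, so that a nonsensical value reaching it from any other path yields truncated or placeholder output rather than a crash. If `rule` has no remaining use in this function after the removal, its declaration can go as well, and a regression test that runs pfctl -a '*' -vvsr with a nat anchor loaded would keep the crash from returning.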
