fix off-by-one in pf_state_expires() bounds test

such a value would have triggered a KASSERT()
ok sashan@ deraadt@

diff --git a/sys/net/pf.c b/sys/net/pf.c
index a1a334f..d1d5f20 100644 (file)
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pf.c,v 1.1172 2023/03/04 10:55:37 sashan Exp $ */
+/*     $OpenBSD: pf.c,v 1.1173 2023/03/23 01:41:12 jsg Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -1640,8 +1640,8 @@ pf_state_expires(const struct pf_state *st, uint8_t stimeout)
         * next pass of the purge task.
         */
 
-       /* handle all PFTM_* > PFTM_MAX here */
-       if (stimeout > PFTM_MAX)
+       /* handle all PFTM_* >= PFTM_MAX here */
+       if (stimeout >= PFTM_MAX)
                return (0);
 
        KASSERT(stimeout < PFTM_MAX);