From 745370075ce9aff7a2273f2dc8ae61ff26acad94 Mon Sep 17 00:00:00 2001
From: jsg <jsg@openbsd.org>
Date: Thu, 23 Mar 2023 01:41:12 +0000
Subject: [PATCH] fix off-by-one in pf_state_expires() bounds test such a value
 would have triggered a KASSERT() ok sashan@ deraadt@

---
 sys/net/pf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/net/pf.c b/sys/net/pf.c
index a1a334ffb1c..d1d5f20414f 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.1172 2023/03/04 10:55:37 sashan Exp $ */
+/*	$OpenBSD: pf.c,v 1.1173 2023/03/23 01:41:12 jsg Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -1640,8 +1640,8 @@ pf_state_expires(const struct pf_state *st, uint8_t stimeout)
 	 * next pass of the purge task.
 	 */
 
-	/* handle all PFTM_* > PFTM_MAX here */
-	if (stimeout > PFTM_MAX)
+	/* handle all PFTM_* >= PFTM_MAX here */
+	if (stimeout >= PFTM_MAX)
 		return (0);
 
 	KASSERT(stimeout < PFTM_MAX);
-- 
2.20.1