From: sthen
Date: Thu, 2 Nov 2023 20:47:31 +0000 (+0000)
Subject: Use pfctl_fopen (which checks to ensure the given file isn't a directory)
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2f4809884632ab0edb533ab9efb40ef71d5dbe71;p=openbsd
Use pfctl_fopen (which checks to ensure the given file isn't a directory) for pfctl -f /path/to/pf.conf. Otherwise, if you accidentally use a dir instead of a file (e.g. if you have an /etc/pf directory and don't notice the name when tab-completing), you successfully install an empty ruleset. ok sashan@
---
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index adc71340d3e..ee5c00f3b8b 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.714 2023/10/26 16:26:01 deraadt Exp $ */
+/* $OpenBSD: parse.y,v 1.715 2023/11/02 20:47:31 sthen Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -5391,7 +5391,7 @@ pushfile(const char *name, int secret)
 free(nfile);
 return (NULL);
 }
- } else if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
+ } else if ((nfile->stream = pfctl_fopen(nfile->name, "r")) == NULL) {
 warn("%s: %s", __func__, nfile->name);
 free(nfile->name);
 free(nfile);
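Review bot: The `warn("%s: %s", __func__, nfile->name)` call directly after the new `pfctl_fopen()` line reports whatever errno holds at that point, so the directory case is only explained to the operator if pfctl_fopen sets errno (presumably to EISDIR) after it has closed the stream. Its body is not in this hunk, so that is worth confirming. Because the failure being prevented is a silently installed empty ruleset, a short comment at the call site would stop the check from being reverted to plain fopen later, e.g. `/* pfctl_fopen() refuses directories; plain fopen() would parse one as an empty ruleset */`. The commit message describes the helper as rejecting directories only, so other non-regular paths may still be opened here. pushfile() begins and ends outside the hunk.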