author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2005-11-17 20:52:40 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2005-11-17 20:52:40 +0000 |
commit | fdc7ef6731676fd02d1cd9bb94481ab2a1a519c4 (patch) | |
tree | fdeb5cc9ac87faad212d20ce10685f7a900180ca | |
parent | 1f08543790370808c5c56534cbec3286199eba87 (diff) |
for pfctl -f rules, open the file before resetting options. when opening
the file fails, produce only the error message and leave options
unchanged. reported by Tamas TEVESZ, ok deraadt@
-rw-r--r-- | sbin/pfctl/parse.y | 9 | ||||
-rw-r--r-- | sbin/pfctl/pfctl.c | 39 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.h | 4 |
3 files changed, 28 insertions, 24 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index cdece5b7fae..d3bd1b96dbd 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.493 2005/10/13 13:27:06 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.494 2005/11/17 20:52:39 dhartmei Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -5167,12 +5167,17 @@ int pfctl_load_anchors(int dev, int opts, struct pfr_buffer *trans) { struct loadanchors *la; + FILE *fin; TAILQ_FOREACH(la, &loadanchorshead, entries) { if (opts & PF_OPT_VERBOSE) fprintf(stderr, "\nLoading anchor %s from %s\n", la->anchorname, la->filename); - if (pfctl_rules(dev, la->filename, opts, la->anchorname, + if ((fin = pfctl_fopen(la->filename, "r")) == NULL) { + warn("%s", la->filename); + continue; + } + if (pfctl_rules(dev, la->filename, fin, opts, la->anchorname, trans) == -1) return (-1); } diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 8bb62dab420..a0754509c5a 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.243 2005/07/11 14:16:09 dhartmei Exp $ */ +/* $OpenBSD: pfctl.c,v 1.244 2005/11/17 20:52:39 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1055,13 +1055,12 @@ pfctl_add_altq(struct pfctl *pf, struct pf_altq *a) } int -pfctl_rules(int dev, char *filename, int opts, char *anchorname, +pfctl_rules(int dev, char *filename, FILE *fin, int opts, char *anchorname, struct pfr_buffer *trans) { #define ERR(x) do { warn(x); goto _error; } while(0) #define ERRX(x) do { warnx(x); goto _error; } while(0) - FILE *fin; struct pfr_buffer *t, buf; struct pfioc_altq pa; struct pfctl pf; 
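Review bot: In pfctl_load_anchors() a failed pfctl_fopen() only warns and hits `continue`, so an anchor file that cannot be opened is skipped while the rest of the ruleset still loads. The same failure for the main -f file in pfctl.c is now fatal via `err(1, "%s", rulesopt)`. For a packet filter this can leave a policy active with one anchor's rules missing, and nothing in this hunk makes the exit status reflect it; the function's final return is outside the hunk. If skipping is intended, say so at the site with `/* non-fatal: skip this anchor, keep loading the others */`; otherwise record the failure so the caller can report it.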
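Review bot: pfctl_rules() now takes a `FILE *fin` opened by its caller, but nothing at the signature says which side closes it. Neither caller in this commit closes the stream in the visible lines: main() opens one, and the loop in pfctl_load_anchors() opens one per anchor. A comment above the function would settle this, for example `/* fin: open rules stream supplied by the caller (stdin or a pfctl_fopen() result) */`, followed by one sentence naming who closes it on the success and `_error` paths. The body of pfctl_rules() continues outside this hunk, so whether it already closes fin cannot be seen here.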
@@ -1084,16 +1083,7 @@ pfctl_rules(int dev, char *filename, int opts, char *anchorname, if (strlcpy(trs.pfrt_anchor, anchorname, sizeof(trs.pfrt_anchor)) >= sizeof(trs.pfrt_anchor)) ERRX("pfctl_rules: strlcpy"); - if (strcmp(filename, "-") == 0) { - fin = stdin; - infile = "stdin"; - } else { - if ((fin = pfctl_fopen(filename, "r")) == NULL) { - warn("%s", filename); - return (1); - } - infile = filename; - } + infile = filename; pf.dev = dev; pf.opts = opts; pf.loadopt = loadopt; @@ -1640,11 +1630,12 @@ pfctl_lookup_option(char *cmd, const char **list) int main(int argc, char *argv[]) { - int error = 0; - int ch; - int mode = O_RDONLY; - int opts = 0; - char anchorname[MAXPATHLEN]; + int error = 0; + int ch; + int mode = O_RDONLY; + int opts = 0; + char anchorname[MAXPATHLEN]; + FILE *fin = NULL; if (argc < 2) usage(); @@ -1929,7 +1920,15 @@ main(int argc, char *argv[]) tblcmdopt, rulesopt, anchorname, opts); rulesopt = NULL; } - + if (rulesopt != NULL) { + if (strcmp(rulesopt, "-") == 0) { + fin = stdin; + rulesopt = "stdin"; + } else { + if ((fin = pfctl_fopen(rulesopt, "r")) == NULL) + err(1, "%s", rulesopt); + } + } if ((rulesopt != NULL) && (!*anchorname)) if (pfctl_clear_interface_flags(dev, opts | PF_OPT_QUIET)) error = 1; @@ -1940,7 +1939,7 @@ main(int argc, char *argv[]) error = 1; if (rulesopt != NULL) { - if (pfctl_rules(dev, rulesopt, opts, anchorname, NULL)) + if (pfctl_rules(dev, rulesopt, fin, opts, anchorname, NULL)) error = 1; else if (!(opts & PF_OPT_NOACTION) && (loadopt & PFCTL_FLAG_TABLE)) diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index c33126bfc2f..c22a76e8389 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.h,v 1.82 2005/10/13 13:27:06 henning Exp $ */ +/* $OpenBSD: pfctl_parser.h,v 1.83 2005/11/17 20:52:39 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier 
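Review bot: Dropping the `strcmp(filename, "-")` branch from pfctl_rules() leaves the stdin mapping in main() only, which changes behaviour on the anchor path. pfctl_load_anchors() in parse.y now passes `la->filename` straight to pfctl_fopen(), so a `"-"` there is no longer turned into stdin by this function. Whether pfctl_fopen() treats `"-"` specially is not visible on this page. If anchors are meant to name real files only, a comment on the new line would make that explicit: `infile = filename;	/* "-" is resolved to stdin by main(), not here */`.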
@@ -183,7 +183,7 @@ struct pf_opt_rule { }; -int pfctl_rules(int, char *, int, char *, struct pfr_buffer *); +int pfctl_rules(int, char *, FILE *, int, char *, struct pfr_buffer *); int pfctl_optimize_rules(struct pfctl *); int pfctl_add_rule(struct pfctl *, struct pf_rule *, const char *); |