summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStuart Henderson <sthen@cvs.openbsd.org>2023-11-02 20:47:32 +0000
committerStuart Henderson <sthen@cvs.openbsd.org>2023-11-02 20:47:32 +0000
commit94385fdd953358232d93594523e06c021f190926 (patch)
tree61a7a9070054b7119c3939107acba3ba58d6384a
parent6349793d53d9fbe6c2a2c82ffa6456bb872add6c (diff)
Use pfctl_fopen (which checks to ensure the given file isn't a directory)
for pfctl -f /path/to/pf.conf. Otherwise, if you accidentally use a dir instead of a file (e.g. if you have an /etc/pf directory and don't notice the name when tab-completing), you successfully install an empty ruleset. ok sashan@
-rw-r--r--sbin/pfctl/parse.y4
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index adc71340d3e..ee5c00f3b8b 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.714 2023/10/26 16:26:01 deraadt Exp $ */
+/* $OpenBSD: parse.y,v 1.715 2023/11/02 20:47:31 sthen Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -5391,7 +5391,7 @@ pushfile(const char *name, int secret)
free(nfile);
return (NULL);
}
- } else if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
+ } else if ((nfile->stream = pfctl_fopen(nfile->name, "r")) == NULL) {
warn("%s: %s", __func__, nfile->name);
free(nfile->name);
free(nfile);