diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2023-11-02 20:47:32 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2023-11-02 20:47:32 +0000 |
| commit | 94385fdd953358232d93594523e06c021f190926 (patch) | |
| tree | 61a7a9070054b7119c3939107acba3ba58d6384a /sbin/pfctl | |
| parent | 6349793d53d9fbe6c2a2c82ffa6456bb872add6c (diff) | |
Use pfctl_fopen (which checks to ensure the given file isn't a directory)
for pfctl -f /path/to/pf.conf. Otherwise, if you accidentally use a dir
instead of a file (e.g. if you have an /etc/pf directory and don't notice
the name when tab-completing), you successfully install an empty ruleset.
ok sashan@
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/parse.y | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index adc71340d3e..ee5c00f3b8b 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.714 2023/10/26 16:26:01 deraadt Exp $ */ +/* $OpenBSD: parse.y,v 1.715 2023/11/02 20:47:31 sthen Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -5391,7 +5391,7 @@ pushfile(const char *name, int secret) free(nfile); return (NULL); } - } else if ((nfile->stream = fopen(nfile->name, "r")) == NULL) { + } else if ((nfile->stream = pfctl_fopen(nfile->name, "r")) == NULL) { warn("%s: %s", __func__, nfile->name); free(nfile->name); free(nfile); |