From 4d2540015cbb419961b7180f7348aa6bc813a784 Mon Sep 17 00:00:00 2001 From: Jeremie Courreges-Anglas Date: Sun, 23 Jul 2017 14:28:23 +0000 Subject: Don't hit pledge(2) restrictions on interface departure if_exists() can't be used after dropping privileges, since it uses socket(2) and ioctl(SIOCGIFDATA). We're just trying to know whether an interface exists, and if_nametoindex(3) is enough for that. ok deraadt@
---
 sbin/pflogd/pflogd.c | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-)
diff --git a/sbin/pflogd/pflogd.c b/sbin/pflogd/pflogd.c
index 40440aab5c7..429f0d375b9 100644
--- a/sbin/pflogd/pflogd.c
+++ b/sbin/pflogd/pflogd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pflogd.c,v 1.53 2016/01/16 03:17:48 canacar Exp $ */
+/* $OpenBSD: pflogd.c,v 1.54 2017/07/23 14:28:22 jca Exp $ */
 
 /*
  * Copyright (c) 2001 Theo de Raadt
@@ -194,23 +194,7 @@ set_pcap_filter(void)
 int
 if_exists(char *ifname)
 {
- int s, ret = 1;
- struct ifreq ifr;
- struct if_data ifrdat;
-
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
- err(1, "socket");
- bzero(&ifr, sizeof(ifr));
- if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >=
- sizeof(ifr.ifr_name))
- errx(1, "main ifr_name: strlcpy");
- ifr.ifr_data = (caddr_t)&ifrdat;
- if (ioctl(s, SIOCGIFDATA, (caddr_t)&ifr) == -1)
- ret = 0;
- if (close(s))
- err(1, "close");
-
- return (ret);
+ return (if_nametoindex(ifname) != 0);
 }
 
 int
-- 
cgit v1.2.3
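Review bot: The new one-line body of if_exists() in the second hunk has no comment recording why it must avoid socket(2) and ioctl(2), so a later edit could reintroduce a call that violates pledge(2) once privileges are dropped. A comment above the return such as `/* Runs after privdrop/pledge(2): must not use socket(2) or ioctl(2). */` would keep that constraint visible in the code rather than only in the commit message. Separately, if_nametoindex(3) returns 0 on any failure, not only for a missing interface, so a transient error is reported as interface departure. If the callers (outside this hunk) need to tell the two apart, inspecting errno after a 0 return, which should be ENXIO for a nonexistent interface, would separate them.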