authorKristof Provost <kp@FreeBSD.org>2025-08-19 11:41:44 +0000
committerKristof Provost <kp@FreeBSD.org>2025-09-10 19:51:39 +0000
commit66694675be291927d1442c62f852ad7f73652aaf (patch)
tree086816d4f33b61d165e95bac11614114134e3fc7
parent94804658ab045fd386c2f031186c86f686c6870a (diff)
pfctl: Use pfctl_fopen
Use pfctl_fopen (which checks to ensure the given file isn't a directory) for pfctl -f /path/to/pf.conf. Otherwise, if you accidentally use a dir instead of a file (e.g. if you have an /etc/pf directory and don't notice the name when tab-completing), you successfully install an empty ruleset. ok sashan@ Obtained from: OpenBSD, sthen <sthen@openbsd.org>, 2f48098846 Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r--sbin/pfctl/parse.y2
1 files changed, 1 insertions, 1 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index dce5800df27a..46e9f60fe48e 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -7091,7 +7091,7 @@ pushfile(const char *name, int secret)
free(nfile);
return (NULL);
}
- } else if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
+ } else if ((nfile->stream = pfctl_fopen(nfile->name, "r")) == NULL) {
warn("%s: %s", __func__, nfile->name);
free(nfile->name);
free(nfile);
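Review bot: The `warn("%s: %s", __func__, nfile->name)` on this failure branch prints `strerror(errno)`, so the directory case is only diagnosed usefully if `pfctl_fopen` sets `errno` (for example to `EISDIR`) before returning NULL. Its body is not part of this hunk, so that is worth confirming. The call also deserves a short why-comment, because a later cleanup back to plain `fopen` would silently bring back the empty-ruleset load described in the commit message: `/* pfctl_fopen() rejects directories; fopen() would succeed and load an empty ruleset */`. The body of pushfile starts and ends outside the hunk.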