The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=66694675be291927d1442c62f852ad7f73652aaf

commit 66694675be291927d1442c62f852ad7f73652aaf
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-08-19 11:41:44 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-09-10 19:51:39 +0000

    pfctl: Use pfctl_fopen
    
    Use pfctl_fopen (which checks to ensure the given file isn't a directory)
    for pfctl -f /path/to/pf.conf. Otherwise, if you accidentally use a dir
    instead of a file (e.g. if you have an /etc/pf directory and don't notice
    the name when tab-completing), you successfully install an empty ruleset.
    ok sashan@
    
    Obtained from:  OpenBSD, sthen <st...@openbsd.org>, 2f48098846
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/parse.y | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index dce5800df27a..46e9f60fe48e 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -7091,7 +7091,7 @@ pushfile(const char *name, int secret)
                        free(nfile);
                        return (NULL);
                }
-       } else if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
+       } else if ((nfile->stream = pfctl_fopen(nfile->name, "r")) == NULL) {
                warn("%s: %s", __func__, nfile->name);
                free(nfile->name);
                free(nfile);
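
Review bot: the failure branch in pushfile() still reports through warn("%s: %s", __func__, nfile->name), which appends strerror(errno), so the new directory rejection only yields a useful message if pfctl_fopen sets errno (for example to EISDIR) before returning NULL. Please confirm that it does, because a directory check made after a successful open would otherwise leave errno stale or zero and the warning would be misleading. A regression test that points pfctl -f at a directory and expects a non-zero exit would also keep the empty-ruleset case described in the commit message from returning.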
