Updated diff using `mode' so the intent is even clearer now that I also
merged my next diff:
Fail much earlier when trying to write anchors beginning with "_".
This avoids the duplicate check as well as everything between parsing
the anchor name and `-F'/`-s' arguments.
OK?
Index: pfctl.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
retrieving revision 1.357
diff -u -p -r1.357 pfctl.c
--- pfctl.c 7 Sep 2018 19:56:07 -0000 1.357
+++ pfctl.c 8 Sep 2018 12:32:25 -0000
@@ -2500,6 +2500,16 @@ main(int argc, char *argv[])
errx(1, "pfctl: calloc");
memset(anchorname, 0, sizeof(anchorname));
if (anchoropt != NULL) {
+ if (mode == O_RDWR) {
+ if (*anchoropt == '_' || strstr(anchoropt, "/_") !=
NULL)
+ errx(1, "anchor names beginning with '_' "
+ "cannot be modified from the command line");
+ } else {
+ if (showopt == NULL) {
+ warnx("anchors apply to -f, -F and -s only");
+ usage();
+ }
+ }
int len = strlen(anchoropt);
if (anchoropt[len - 1] == '*') {
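Review bot: The new early validation still lets an empty anchor name (`-a ""`) through to the unchanged lines just below it, where `len` is 0 and `anchoropt[len - 1]` reads one byte before the start of the string. Since this hunk is now the single place where the anchor argument is vetted, the index should be guarded as well, e.g. `if (len > 0 && anchoropt[len - 1] == '*') {`. The reserved-name check is now keyed on `mode == O_RDWR` instead of on `clearopt`/`rulesopt`, and `mode` is assigned outside this hunk, so it is worth confirming that every option able to modify an anchor sets it; otherwise the '_' protection would be skipped on that path. The added block also sits above `int len = strlen(anchoropt);`, which leaves a declaration after statements; moving the declaration above the new `if` keeps declarations at the top of the block. main() begins and ends outside the hunk.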
@@ -2603,10 +2613,6 @@ main(int argc, char *argv[])
anchorname, 0, 0, -1);
if (clearopt != NULL) {
- if (anchorname[0] == '_' || strstr(anchorname, "/_") != NULL)
- errx(1, "anchor names beginning with '_' cannot "
- "be modified from the command line");
-
switch (*clearopt) {
case 'r':
pfctl_clear_rules(dev, opts, anchorname);
@@ -2685,9 +2691,6 @@ main(int argc, char *argv[])
}
if (rulesopt != NULL) {
- if (anchorname[0] == '_' || strstr(anchorname, "/_") != NULL)
- errx(1, "anchor names beginning with '_' cannot "
- "be modified from the command line");
if (pfctl_rules(dev, rulesopt, opts, optimize,
anchorname, NULL))
error = 1;