The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=2811ec176c402ab007ce1897f4c1a344cdb02723

commit 2811ec176c402ab007ce1897f4c1a344cdb02723
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-07-03 09:13:41 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-07-09 08:57:48 +0000

    pfctl: Fix file descriptor leak due to popfile() never closing the main 
config file.
    
    The fix is the same as for other parse.y files in the tree (see bgpd(8) or
    unwind(8))
    
    ok bluhm@
    
    Obtained from:  OpenBSD, tobhe <to...@openbsd.org>, da1e1ceac5
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/parse.y | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index af1fb95398f8..dd6fb0116aea 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -95,7 +95,7 @@ static struct file {
        int                      eof_reached;
        int                      lineno;
        int                      errors;
-} *file;
+} *file, *topfile;
 struct file    *pushfile(const char *, int);
 int             popfile(void);
 int             check_file_secrecy(int, const char *);
@@ -6743,7 +6743,7 @@ lgetc(int quotec)
        if (quotec) {
                if ((c = igetc()) == EOF) {
                        yyerror("reached end of file while parsing quoted 
string");
-                       if (popfile() == EOF)
+                       if (file == topfile || popfile() == EOF)
                                return (EOF);
                        return (quotec);
                }
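Review bot: The `file == topfile ||` short-circuit added to this EOF check, and again in the `while (c == EOF)` loop of the next hunk, has no comment saying that the main config file is deliberately left in place at end of input. Without one it reads like a redundant guard. If a later cleanup dropped it, popfile() would free the top entry and leave `file` NULL when parse_config() reads `file->errors` after yyparse(). I would add above each check something like `/* do not pop the main config file here; the caller of yyparse() closes it */`. The call that finally closes the top file is not visible in this diff, so that wording should be checked against parse_config(); lgetc() itself starts and ends outside both hunks.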
@@ -6771,7 +6771,7 @@ lgetc(int quotec)
                        return ('\n');
                }
                while (c == EOF) {
-                       if (popfile() == EOF)
+                       if (file == topfile || popfile() == EOF)
                                return (EOF);
                        c = igetc();
                }
@@ -7069,17 +7069,17 @@ popfile(void)
 {
        struct file     *prev;
 
-       if ((prev = TAILQ_PREV(file, files, entry)) != NULL) {
+       if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
                prev->errors += file->errors;
-               TAILQ_REMOVE(&files, file, entry);
-               fclose(file->stream);
-               free(file->name);
-               free(file->ungetbuf);
-               free(file);
-               file = prev;
-               return (0);
-       }
-       return (EOF);
+
+       TAILQ_REMOVE(&files, file, entry);
+       fclose(file->stream);
+       free(file->name);
+       free(file->ungetbuf);
+       free(file);
+       file = prev;
+
+       return (file ? 0 : EOF);
 }
 
 int
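Review bot: popfile() now frees the top-level entry too, so after that call `file` is NULL and the static `topfile` still holds the address of freed memory; nothing in this hunk resets it. A second popfile() call would then hand NULL to `TAILQ_PREV` and `TAILQ_REMOVE`, and any later `file == topfile` comparison would use a stale pointer. Whether such a path exists is not visible here, but clearing the pointer is cheap: `if (file == topfile) topfile = NULL;` placed before `free(file);`. A short comment on popfile() stating that `file` must be non-NULL on entry and may be NULL on return would document the new contract.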
@@ -7102,6 +7102,7 @@ parse_config(char *filename, struct pfctl *xpf)
                warn("cannot open the main config file!");
                return (-1);
        }
+       topfile = file;
 
        yyparse();
        errors = file->errors;
