From nobody Mon Jul 7 15:07:58 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bbSKV5FkWz61w7p; Mon, 07 Jul 2025 15:07:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bbSKV2JZPz3wSZ; Mon, 07 Jul 2025 15:07:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751900878; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=El/r1HmkFS79yioilUWO/nZfmF1H7hrfSwegbcPDQWY=; b=Xkk7YCNyPENfifTqBGhgFTPDXxaM/4uxVzBVZPR8jN7PcifPDSHJon1vcYtvPoroNe1aO4 rY+XTTZt9db9HwDj2MtQVhYjW1VVLCf4hWyrhROoRBRgdLIs0y7iI/4zpuIOjc6X/HH7qr vOB/q59knkcGwTTvd7gtOvE5HP4xEfRGvYTGYoBic1o0yDJ+qPG2f9uhCWo8OYpJ9GzGH6 36bxFv5KNua3UPRR+YByZxe2fJqY63qDWEzP1PqYuMRazJ7RN5z+vxSm0qusc9cOf7PiBX LT5i5PI45+hADUfG7jx71MLfkOJjCGZ0ab1FVCj3ceMO14vGTNvWem/tx2mqWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751900878; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=El/r1HmkFS79yioilUWO/nZfmF1H7hrfSwegbcPDQWY=; b=mHEIAbK+H7L79w7i0KWps37dGYOJq1IOkvE4WJ2Ba+K7KIn7Y7lGVU5IkPZ9nLq4aCfBc3 DJawTPIFtFed+Wgjv+j+TOuILdOSm39YNPQ4tdev7K7+PHNqyMzRrvshDl0Kl11CJ0erRt frxC1JYQLzxzG7Tq90wKDgZ4mr9f6pG/M6eimOaZbDNTDbBz0wZyU2/DxwfbK/n5WKXE+Z wb7xFBbnk3YG46qzPWIRfsY8mTi84tws6qqkVFq5feF+5lK2qjiMvwwOGZmYRUiyZMD3MB InsRNKIS/qkll92npZskw8dxHWdkO5dGVbViD0EyrLK1RwG9MmUc2OolhW1zXg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1751900878; a=rsa-sha256; cv=none; b=gvefMn831HNp/4Xe+30jbb5wf+RYG1u0x6j/TI50NImq7B1BaKzzGFmO4TeeCy5HX8ivUP YK6xHWNVGrdzA12959dN/mY/in4DoOdm2gjmt8+nbNI07spBLOm4Gv0M157HlBld2cdlcv hycYqS3FbipyqVgASsQqRPFxlTXlMWRdjh8vo6HXPbCyHHx6BgUwIlIDT13T76iZeLs13a gbakIcyhv7QnLmaHIxn8OobLzVuv3LruECpavwKuEEP+ofcXA0JigY0AQEmbzfJ6uId+ZU /2EQD/Dp26PNv6Bz4IqccI6pI1dVu91G/sYEoKFQP6YT98FGbUVDY+lAe7aCRw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bbSKV1WWszwF5; Mon, 07 Jul 2025 15:07:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 567F7wPZ016696; Mon, 7 Jul 2025 15:07:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 567F7wJm016693; Mon, 7 Jul 2025 15:07:58 GMT (envelope-from git) Date: Mon, 7 Jul 2025 15:07:58 GMT Message-Id: <202507071507.567F7wJm016693@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: f33973f53607 - main - pfctl: Anchor names must not be empty List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f33973f5360792835c82b3a164e0d043e8656a4a Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=f33973f5360792835c82b3a164e0d043e8656a4a commit f33973f5360792835c82b3a164e0d043e8656a4a Author: Kristof Provost AuthorDate: 2025-07-02 13:00:49 +0000 Commit: Kristof Provost CommitDate: 2025-07-07 15:06:50 +0000 pfctl: Anchor names must not be empty The parser would allow bogus input and sometimes even produce invalid rules on empty anchor names, so error out immediately. OK sashan Obtained from: OpenBSD, kn , 85af6f4b29 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/parse.y | 5 +++++ sbin/pfctl/pfctl.c | 2 ++ 2 files changed, 7 insertions(+) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 2ebd528443fe..5c6102db3b55 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -922,6 +922,11 @@ varset : STRING '=' varstring { ; anchorname : STRING { + if ($1[0] == '\0') { + free($1); + yyerror("anchor name must not be empty"); + YYERROR; + } if (strlen(pf->anchor->path) + 1 + strlen($1) >= PATH_MAX) { free($1); diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index e490e933db5f..0fb0602eb04f 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -3129,6 +3129,8 @@ main(int argc, char *argv[]) if (anchoropt != NULL) { int len = strlen(anchoropt); + if (anchoropt[0] == '\0') + errx(1, "anchor name must not be empty"); if (mode == O_RDONLY && showopt == NULL && tblcmdopt == NULL) { warnx("anchors apply to -f, -F, -s, and -T only"); usage();