From nobody Wed Jul  9 08:58:59 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bcX2q72kpz61NKW;
	Wed, 09 Jul 2025 08:58:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bcX2q6Hf7z3bvT;
	Wed, 09 Jul 2025 08:58:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1752051539;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Q6qkcO+ZWqcyBU87VofTkMAR+O0UEO8Xs9h8B6eQvVs=;
	b=QfSPTqqrTr52sIdPwlz+9iHdthDrc86KDaN0Nf9QmHimwUzY0A0bFY5uRv5TPQSqP/Yt48
	PqSPu/61IWiBYX8ZM9R3qwwHgegMiJ3DQ7V5Ga9kJkpfflvwvlCFEREbFxujHcRrLW01zF
	a4fJFf/j4MM6QtROuJ+bW+Z/QyLMxQMuLZ7Kiec2/T8E/OAKyTJ5Escf0D7fJvWBXhAhBd
	B0xKS+81QUVPswEzbaJ572I5clQSlh8MTD9wRW/TktIFftiCv6o8Uk9wikbbLcNk0cw8ec
	ZP0qKDygdqSnYJsuH5SNNkDyZGgdbu9SIlVhkvOf56kcKas80OXdvhGFoRaZtw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1752051539;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Q6qkcO+ZWqcyBU87VofTkMAR+O0UEO8Xs9h8B6eQvVs=;
	b=iX25Ds2uj/YtmHXEPm4xJk+l6Vk+HrIMpzGwepyK5Jw/erpwtdOfylnLI/U0ZJ4sHtd9Sg
	AcV1ryXFh/2P2MkP7t+/WMawxsIM41yKlpcphGrS4AOh44mcQwIjYOF/6ZJYG8V1nOLi8i
	pS6R9n0XiyUpda0Llsjy+gzcyDDy1q51Bf6eMhigoFlmVWxf3vPj11lFzgrGwUI7DPp+Gk
	EIh2lwxbA7TDZAM1GZqXFqPzPeDD8vTQYVndOfwQQI+XNv6ipZARb9NE7ioNQU75HMZpz9
	P+XvlgIwf1YbIMh22s/RraHGeMDmUpmGeU0Oylv3JV9k7V7Dp/caLo3o3bVTHQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1752051539; a=rsa-sha256; cv=none;
	b=vsVpZhoQvqs5N5jM450OkYiUdpO8TV51XfcNUObQf0LRVR6LUuLu0ZVa2BfIkwmjqD1YPY
	hwXrrxjE2Oz1mxdvY5OJgrGdG8SxqQiDWKgJliojm/VbpfDG/4mv9nsqGC6TOSwOYn7wm0
	WYLFzSBBMWlNXvw7z5iGXVtGHiUJTNiUg4TyQ9stxw4Asi/EwUT7kkQuXpGyJpjfzB+OSV
	HJYn4PBtDPmZFR3StTNes55P5j+l7Aeyxwdg+tDB0O+oS3nT7Ta8Ap3UPlM3QCnGwJxV+3
	xpTdliWlaqNelGgUFfE8Cwn/I4i8RFF34mSSLNwwIazLRuHBwVXW8MGDVh7pFA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bcX2q5sZJz19Q;
	Wed, 09 Jul 2025 08:58:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5698wx2o044742;
	Wed, 9 Jul 2025 08:58:59 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5698wxMF044739;
	Wed, 9 Jul 2025 08:58:59 GMT
	(envelope-from git)
Date: Wed, 9 Jul 2025 08:58:59 GMT
Message-Id: <202507090858.5698wxMF044739@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 2811ec176c40 - main - pfctl: Fix file descriptor leak
  due to popfile() never closing the main config file.
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 2811ec176c402ab007ce1897f4c1a344cdb02723
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=2811ec176c402ab007ce1897f4c1a344cdb02723

commit 2811ec176c402ab007ce1897f4c1a344cdb02723
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-03 09:13:41 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-09 08:57:48 +0000

    pfctl: Fix file descriptor leak due to popfile() never closing the main config file.
    
    The fix is the same as for other parse.y files in the tree (see bgpd(8) or
    unwind(8))
    
    ok bluhm@
    
    Obtained from:  OpenBSD, tobhe <tobhe@openbsd.org>, da1e1ceac5
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/parse.y | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index af1fb95398f8..dd6fb0116aea 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -95,7 +95,7 @@ static struct file {
 	int			 eof_reached;
 	int			 lineno;
 	int			 errors;
-} *file;
+} *file, *topfile;
 struct file	*pushfile(const char *, int);
 int		 popfile(void);
 int		 check_file_secrecy(int, const char *);
@@ -6743,7 +6743,7 @@ lgetc(int quotec)
 	if (quotec) {
 		if ((c = igetc()) == EOF) {
 			yyerror("reached end of file while parsing quoted string");
-			if (popfile() == EOF)
+			if (file == topfile || popfile() == EOF)
 				return (EOF);
 			return (quotec);
 		}
@@ -6771,7 +6771,7 @@ lgetc(int quotec)
 			return ('\n');
 		}
 		while (c == EOF) {
-			if (popfile() == EOF)
+			if (file == topfile || popfile() == EOF)
 				return (EOF);
 			c = igetc();
 		}
@@ -7069,17 +7069,17 @@ popfile(void)
 {
 	struct file	*prev;
 
-	if ((prev = TAILQ_PREV(file, files, entry)) != NULL) {
+	if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
 		prev->errors += file->errors;
-		TAILQ_REMOVE(&files, file, entry);
-		fclose(file->stream);
-		free(file->name);
-		free(file->ungetbuf);
-		free(file);
-		file = prev;
-		return (0);
-	}
-	return (EOF);
+
+	TAILQ_REMOVE(&files, file, entry);
+	fclose(file->stream);
+	free(file->name);
+	free(file->ungetbuf);
+	free(file);
+	file = prev;
+
+	return (file ? 0 : EOF);
 }
 
 int
@@ -7102,6 +7102,7 @@ parse_config(char *filename, struct pfctl *xpf)
 		warn("cannot open the main config file!");
 		return (-1);
 	}
+	topfile = file;
 
 	yyparse();
 	errors = file->errors;