From nobody Mon Jul 07 15:08:03 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bbSKc47dVz61w6C; Mon, 07 Jul 2025 15:08:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bbSKb6JZqz3wcS; Mon, 07 Jul 2025 15:08:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751900883; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EtI4rkoJDkFzQx2ztLlxN7tpSprf69SjBCWEa/g7yzU=; b=haI2wqmMi2cyMKOTnVj+p/vWqqieZh0wOpDGKKaKh9uo25t1m6Iri678gR8IrCYWKXO/Fy 2KtsgYQr2sUmNMUJW8Uu1ihSsVKf/IOB/BEOb8ZewChJR72YhZblf78NEyVbi1coLTuDaS SMOfkyI5KLxqgcrY9qUkbvHhx5WUhsXphXA9rvprjbK2xAjQqpPcNv+ro227I2051WjBrN OhigSvPoyB3pd8sTI/zmi/a3479vE2NI4GukO+iZJn5la0I2voZS9DWdAXofOpjHo84dWk ae8HRxNbNIGvWL3a88xGQvxa71u+XAqw2/qcD6NZ6OFGakhwEE5brwL8uYAGdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751900883; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EtI4rkoJDkFzQx2ztLlxN7tpSprf69SjBCWEa/g7yzU=; b=nmxI0xe6YcsKd6aWXvBxX3pQ29MOoLp/gYjyTN0FuhZDsMHykgKIRClwA9wmQwZ52MQ4bk MgahlsXw2krihhcmyVEdsEgeO7zWG9Ffkafy7AjQGPD9Mgk9yBxpBW1ifBmA/bbf3DHYm3 K5ZF1H+15ct80IyuzipYL3YvAnjJPgJ5CLi7Nxr/TrD+z7lH3rbx55DeDaUdcWA15NYITC 9EQRINwEYJBUUXOURvZlzi/NyKiWJYFMfaCymewAigNPRMdENh8qCAca9H8brRIB3U1j5B O0nHaHHmvlevVPz/h594hzYbOfc9U1l/9seogXhnYkGTthgYyhGOyh0ycSbGWg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1751900883; a=rsa-sha256; cv=none; b=Ho8GBJbW4r2fT58I84lVcM8Jop9u+gtHRVniv5cLRgqLclAQqdX/nhFvuFUuWQlgYSFVdn Kq5qd1ssP6WJXTsZsnnG6NHb0srERiATZ5uSVTzsp+oDPp7LA5JahHDOxYFkO1Sy+UhCg1 mGSAO1wDhjxjsPio7CJUIOZOh7H55aAA1Um1+b65QaooQEiqOBfrkWORTSOT6yUH6A/0Cq 7S7XOEFlU0PeQo8X+DK5hYDgYCY16p5HCG27OAssdiN/6SoMKSYfmEWtEq64xIq01crvw1 TuUT3934DUYJs9nFbfggo6QFSW2J6QO+rpkmPRdjnEmDoMYrC1Zut0UlxBJnpA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bbSKb5p1QzwKJ; Mon, 07 Jul 2025 15:08:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 567F83lM016893; Mon, 7 Jul 2025 15:08:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 567F83nE016890; Mon, 7 Jul 2025 15:08:03 GMT (envelope-from git) Date: Mon, 7 Jul 2025 15:08:03 GMT Message-Id: <202507071508.567F83nE016890@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: ea0ca279edc2 - main - pfctl: Fix table definition parsing as unprivileged user List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ea0ca279edc2683e79a203df22b7ac02cfd48e39 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=ea0ca279edc2683e79a203df22b7ac02cfd48e39 commit ea0ca279edc2683e79a203df22b7ac02cfd48e39 Author: Kristof Provost AuthorDate: 2025-07-02 15:07:23 +0000 Commit: Kristof Provost CommitDate: 2025-07-07 15:06:51 +0000 pfctl: Fix table definition parsing as unprivileged user revision 1.689 introduced warn_duplicate_tables() unconditionally, breaking the parser on tables withs insufficient permissions to open pf(4): $ echo 'table ' | pfctl -nf- pfctl: pfr_get_tables: Bad file descriptor So simply check whether pfctl is able to get the table list first. If not, instead of silently avoiding namespace collision checks, print a brief notice iff `-v' is given to help finding duplicate definitions by hand: $ echo 'table ' | ./obj/pfctl -vnf- table stdin:1: skipping duplicate table checks for Reported by Rivo Nurges, thanks! OK benno sashan Obtained from: OpenBSD, kn , 4650ad2af4 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/parse.y | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index ca3ca28475d7..d465599e1738 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -5434,7 +5434,12 @@ process_tabledef(char *name, struct table_opts *opts, int popts) if (pf->opts & PF_OPT_VERBOSE) print_tabledef(name, opts->flags, opts->init_addr, &opts->init_nodes); - warn_duplicate_tables(name, pf->anchor->path); + if (!(pf->opts & PF_OPT_NOACTION) || + (pf->opts & PF_OPT_DUMMYACTION)) + warn_duplicate_tables(name, pf->anchor->path); + else if (pf->opts & PF_OPT_VERBOSE) + fprintf(stderr, "%s:%d: skipping duplicate table checks" + " for <%s>\n", file->name, yylval.lineno, name); if (!(pf->opts & PF_OPT_NOACTION) && pfctl_define_table(name, opts->flags, opts->init_addr, pf->anchor->path, &ab, pf->anchor->ruleset.tticket)) {