On Sat, Jan 05, 2019 at 08:04:07PM +0100, Klemens Nanni wrote: > Diff below bails out immediately when `-i ...' is passed Just that now.
Ignore the option argument if the option was passed since that already fulfills our error condition of passing `-i ...' with `-F all'. `ifaceopt' is global and therefore NULL initialised. Still clearing tables and rules when this error is hit seems wrong to me, so don't do anything unless the pfctl command is actually valid. mcbride introduced this code with r1.298 in 2010 but used if (*ifaceopt) { only to have stsp fix a segfault in r1.299 by changing it to the current form. One might as well assume that my proposed condition was the originally intended behaviour after all and stsp's fix should've just removed the derefence. OK? Index: pfctl.c =================================================================== RCS file: /cvs/src/sbin/pfctl/pfctl.c,v retrieving revision 1.362 diff -u -p -r1.362 pfctl.c --- pfctl.c 2 Jan 2019 23:08:00 -0000 1.362 +++ pfctl.c 5 Jan 2019 22:01:56 -0000 @@ -2626,13 +2626,13 @@ main(int argc, char *argv[]) pfctl_clear_stats(dev, ifaceopt, opts); break; case 'a': - pfctl_clear_tables(anchorname, opts); - pfctl_clear_rules(dev, opts, anchorname); - if (ifaceopt && *ifaceopt) { + if (ifaceopt) { warnx("don't specify an interface with -Fall"); usage(); /* NOTREACHED */ } + pfctl_clear_tables(anchorname, opts); + pfctl_clear_rules(dev, opts, anchorname); if (!*anchorname) { pfctl_clear_states(dev, ifaceopt, opts); pfctl_clear_src_nodes(dev, opts);