From 238ad591da9eede122a708be925b6b6a20e9046b Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Tue, 25 Nov 2025 14:48:29 +0100 Subject: [PATCH] libpfctl: improve error handling If we fail to open /dev/pf don't try to close it again. That would result in errno getting overwritten by close(), hiding potentially useful information. MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") --- lib/libpfctl/libpfctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index e747763ae6e..3db596d6fd3 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -76,7 +76,6 @@ pfctl_open(const char *pf_device) struct pfctl_handle *h; h = calloc(1, sizeof(struct pfctl_handle)); - h->fd = -1; h->fd = open(pf_device, O_RDWR); if (h->fd < 0) @@ -87,7 +86,8 @@ pfctl_open(const char *pf_device) return (h); error: - close(h->fd); + if (h->fd != -1) + close(h->fd); snl_free(&h->ss); free(h);