policy.c: Check that the input file is a proper file.

This is mainly useful for user policy files, to make sure they're not
completely mad.

diff --git a/policy.c b/policy.c
index 3d3eedb29f47328354f835f3d4f3c92b8c4098ee..630e1dca76ad8fc383bc240d806f8a0f1423fbc2 100644 (file)
--- a/policy.c
+++ b/policy.c
@@ -411,10 +411,23 @@ fail:
 int open_policy_file(struct policy_file *pf, const char *name,
                     const char *what, const struct query *q)
 {
 int open_policy_file(struct policy_file *pf, const char *name,
                     const char *what, const struct query *q)
 {

+  struct stat st;
+

   if ((pf->fp = fopen(name, "r")) == 0) {
     logmsg(q, LOG_ERR, "failed to open %s `%s': %s",
           what, name, strerror(errno));
   if ((pf->fp = fopen(name, "r")) == 0) {
     logmsg(q, LOG_ERR, "failed to open %s `%s': %s",
           what, name, strerror(errno));

-    return (-1);
+    goto err_0;
+  }
+
+  if (fstat(fileno(pf->fp), &st)) {
+    logmsg(q, LOG_ERR, "failed to read information about %s `%s': %s",
+          what, name, strerror(errno));
+    goto err_1;
+  }
+  if (!S_ISREG(st.st_mode)) {
+    logmsg(q, LOG_ERR, "object `%s', used as %s, is not a regular file",
+          name, what);
+    goto err_1;

   }
 
   pf->name = name;
   }
 
   pf->name = name;


@@ -424,6 +437,11 @@ int open_policy_file(struct policy_file *pf, const char *name,
   pf->lno = 0;
   init_policy(&pf->p);
   return (0);
   pf->lno = 0;
   init_policy(&pf->p);
   return (0);

+
+err_1:
+  fclose(pf->fp);
+err_0:
+  return (-1);

 }
 
 /* Read a policy rule from the file, storing it in PF->p.  Return one of the
 }
 
 /* Read a policy rule from the file, storing it in PF->p.  Return one of the