Verify that the target is a regular file.

git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@519 185d5e19-27fe-0310-9dcf-9bff6b9f3609

lib/openpam_check_owner_perms.c

@@ -67,6 +67,12 @@ openpam_check_desc_owner_perms(const char *name, int fd)
 		errno = serrno;
 		return (-1);
 	}
+	if (!S_ISREG(sb.st_mode)) {
+		openpam_log(PAM_LOG_ERROR,
+		    "%s: not a regular file", name);
+		errno = EINVAL;
+		return (-1);
+	}
 	if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
 	    (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
 		openpam_log(PAM_LOG_ERROR,
@@ -84,7 +90,7 @@ openpam_check_desc_owner_perms(const char *name, int fd)
  * up to it are owned by either root or the arbitrator and that they are
  * not writable by group or other.
  *
- * Note that openpam_check_file_owner_perms() should be used instead if
+ * Note that openpam_check_desc_owner_perms() should be used instead if
  * possible to avoid a race between the ownership / permission check and
  * the actual open().
  */
@@ -95,8 +101,9 @@ openpam_check_path_owner_perms(const char *path)
 	uid_t root, arbitrator;
 	char pathbuf[PATH_MAX];
 	struct stat sb;
-	int len, serrno;
+	int len, serrno, tip;
 
+	tip = 1;
 	root = 0;
 	arbitrator = geteuid();
 	if (realpath(path, pathbuf) == NULL)
@@ -111,6 +118,12 @@ openpam_check_path_owner_perms(const char *path)
 			}
 			return (-1);
 		}
+		if (tip && !S_ISREG(sb.st_mode)) {
+			openpam_log(PAM_LOG_ERROR,
+			    "%s: not a regular file", pathbuf);
+			errno = EINVAL;
+			return (-1);
+		}
 		if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
 		    (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
 			openpam_log(PAM_LOG_ERROR,
@@ -120,6 +133,7 @@ openpam_check_path_owner_perms(const char *path)
 		}
 		while (--len > 0 && pathbuf[len] != '/')
 			pathbuf[len] = '\0';
+		tip = 0;
 	}
 	return (0);
 }