Add sanity check so we don't try to edit something other than a regular file.

diff --git a/CHANGES b/CHANGES
index 459b57d2a3f4da7a92e8267ada0f3ec2eb9fd4de..2d81576c6962a8c3d91e3798f82e3de4686a93cd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1723,3 +1723,5 @@ Sudo 1.6.8 released.
 543) Added --with-ldap-conf-file option to override /etc/ldap.conf
 
 544) Added SSL tls_* certificate checking options when using LDAP.
+
+545) Sudoedit will now only attempt to edit regular files or links.

diff --git a/sudo_edit.c b/sudo_edit.c
index 636de2e25a7e19ba52ea3ad300611c9a2748d87a..cfb0a92714e6f882efca983ee4fa37320f44a231 100644 (file)
--- a/sudo_edit.c
+++ b/sudo_edit.c
@@ -113,7 +113,7 @@ int sudo_edit(argc, argv)
 #else
            if (stat(tf[i].ofile, &sb) != 0) {
 #endif
-               close(ofd);
+               close(ofd);     /* XXX - could reset errno */
                ofd = -1;
            }
        }
@@ -126,6 +126,12 @@ int sudo_edit(argc, argv)
                continue;
            }
            memset(&sb, 0, sizeof(sb));
+       } else if (!S_ISREG(sb.st_mode)) {
+           warnx("%s: not a regular file", *ap);
+           close(ofd);
+           argc--;
+           i--;
+           continue;
        }
        tf[i].ofile = *ap;
        tf[i].omtim.tv_sec = mtim_getsec(sb);
@@ -272,6 +278,11 @@ int sudo_edit(argc, argv)
        }
 #ifdef HAVE_FSTAT
        if (fstat(tfd, &sb) == 0) {
+           if (!S_ISREG(sb.st_mode)) {
+               warnx("%s: not a regular file", tf[i].tfile);
+               warnx("%s left unmodified", tf[i].ofile);
+               continue;
+           }
            if (tf[i].osize == sb.st_size &&
                tf[i].omtim.tv_sec == mtim_getsec(sb) &&
                tf[i].omtim.tv_nsec == mtim_getnsec(sb)) {