From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Wed, 15 Sep 2004 16:16:20 +0000 (+0000)
Subject: Add sanity check so we don't try to edit something other than a regular file.
X-Git-Tag: SUDO_1_6_8p1~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=12c78c0f6d1ef4071e2d0291f2d3861612bd5319;p=sudo

Add sanity check so we don't try to edit something other than a regular file.
---

diff --git a/CHANGES b/CHANGES
index 459b57d2a..2d81576c6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1723,3 +1723,5 @@ Sudo 1.6.8 released.
 543) Added --with-ldap-conf-file option to override /etc/ldap.conf
 
 544) Added SSL tls_* certificate checking options when using LDAP.
+
+545) Sudoedit will now only attempt to edit regular files or links.
diff --git a/sudo_edit.c b/sudo_edit.c
index 636de2e25..cfb0a9271 100644
--- a/sudo_edit.c
+++ b/sudo_edit.c
@@ -113,7 +113,7 @@ int sudo_edit(argc, argv)
 #else
 	    if (stat(tf[i].ofile, &sb) != 0) {
 #endif
-		close(ofd);
+		close(ofd);	/* XXX - could reset errno */
 		ofd = -1;
 	    }
 	}
@@ -126,6 +126,12 @@ int sudo_edit(argc, argv)
 		continue;
 	    }
 	    memset(&sb, 0, sizeof(sb));
+	} else if (!S_ISREG(sb.st_mode)) {
+	    warnx("%s: not a regular file", *ap);
+	    close(ofd);
+	    argc--;
+	    i--;
+	    continue;
 	}
 	tf[i].ofile = *ap;
 	tf[i].omtim.tv_sec = mtim_getsec(sb);
@@ -272,6 +278,11 @@ int sudo_edit(argc, argv)
 	}
 #ifdef HAVE_FSTAT
 	if (fstat(tfd, &sb) == 0) {
+	    if (!S_ISREG(sb.st_mode)) {
+		warnx("%s: not a regular file", tf[i].tfile);
+		warnx("%s left unmodified", tf[i].ofile);
+		continue;
+	    }
 	    if (tf[i].osize == sb.st_size &&
 		tf[i].omtim.tv_sec == mtim_getsec(sb) &&
 		tf[i].omtim.tv_nsec == mtim_getnsec(sb)) {