Fix broker not quiting if `password_file` is specified as a directory.

Closes #2241. Thanks to Bryan Pearson.
4 years ago · 6608e852a1
parent 526b8430e2
commit 6608e852a1
2 changed files with 14 additions and 1 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -24,6 +24,8 @@ Broker:
  These clients are now rejected if their keepalive value exceeds
  max_keepalive. This option allows CVE-2020-13849, which is for the MQTT
  v3.1.1 protocol itself rather than an implementation, to be addressed.
+- Fix broker not quiting if e.g. the `password_file` is specified as a
+  directory. Closes #2241.

 Client library:
 - If a client uses TLS-PSK then force the default cipher list to use "PSK"
--- a/lib/misc_mosq.c
+++ b/lib/misc_mosq.c
@ -37,6 +37,7 @@ Contributors:
 #endif

 #include "misc_mosq.h"
+#include "logging_mosq.h"


 FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read)
@ -116,6 +117,16 @@ FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read)
 		}
 	}
 #else
+	struct stat statbuf;
+	if(stat(path, &statbuf) < 0){
+		return NULL;
+	}
+
+	if(!S_ISREG(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)){
+		log__printf(NULL, MOSQ_LOG_ERR, "Error: %s is not a file.", path);
+		return NULL;
+	}
+
 	if (restrict_read) {
 		FILE *fptr;
 		mode_t old_mask;
@ -164,7 +175,7 @@ char *fgets_extending(char **buf, int *buflen, FILE *stream)

 	do{
 		rc = fgets(&((*buf)[offset]), (*buflen)-offset, stream);
-		if(feof(stream)){
+		if(feof(stream) || rc == NULL){
 			return rc;
 		}