authorCedric Berger <cedric@cvs.openbsd.org>2004-04-09 12:42:07 +0000
committerCedric Berger <cedric@cvs.openbsd.org>2004-04-09 12:42:07 +0000
commit166a2e1658bc097fe1406e491200f9b6dac4604d (patch)
treec21c041c7f2a9d11a4ecea8c5078581627e67f6a /sbin/pfctl
parent31e7eb082672d48e83df935c46a2cfe2bae838fe (diff)
Do not try to load directories. found+ok mpech@
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/pfctl.c26
-rw-r--r--sbin/pfctl/pfctl.h3
-rw-r--r--sbin/pfctl/pfctl_osfp.c6
-rw-r--r--sbin/pfctl/pfctl_radix.c4
4 files changed, 31 insertions, 8 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index e13e1f44bfc..d2d127bf60d 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.213 2004/03/20 09:31:42 david Exp $ */
+/* $OpenBSD: pfctl.c,v 1.214 2004/04/09 12:42:06 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -34,6 +34,7 @@
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include <net/if.h>
#include <netinet/in.h>
@@ -1061,7 +1062,7 @@ pfctl_rules(int dev, char *filename, int opts, char *anchorname,
fin = stdin;
infile = "stdin";
} else {
- if ((fin = fopen(filename, "r")) == NULL) {
+ if ((fin = pfctl_fopen(filename, "r")) == NULL) {
warn("%s", filename);
return (1);
}
@@ -1150,6 +1151,27 @@ _error:
#undef ERRX
}
+FILE *
+pfctl_fopen(const char *name, const char *mode)
+{
+ struct stat st;
+ FILE *fp;
+
+ fp = fopen(name, mode);
+ if (fp == NULL)
+ return (NULL);
+ if (fstat(fileno(fp), &st)) {
+ fclose(fp);
+ return (NULL);
+ }
+ if (S_ISDIR(st.st_mode)) {
+ fclose(fp);
+ errno = EISDIR;
+ return (NULL);
+ }
+ return (fp);
+}
+
int
pfctl_set_limit(struct pfctl *pf, const char *opt, unsigned int limit)
{
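Review bot: In the `fstat()` failure branch of `pfctl_fopen`, `fclose(fp)` runs before the return and can overwrite `errno`, so the callers in this commit that report the failure with `warn("%s", ...)` (pfctl_rules and pfctl_file_fingerprints) may print a misleading reason; preserve it with `int saved = errno; fclose(fp); errno = saved;`. The check rejects only directories, so a FIFO or device node given as a rules, fingerprint or table file is still opened and read by a tool that presumably runs with elevated privileges. If that is not intended the test could be widened, but that is a policy choice the commit message does not state. The function also has no comment; something like `/* fopen() wrapper that fails with EISDIR on directories; uses fstat() on the open descriptor so the check cannot race with a change to the path. */` would record why the check is done after the open rather than with stat() before it.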
diff --git a/sbin/pfctl/pfctl.h b/sbin/pfctl/pfctl.h
index dd39abab319..998fd2b5cb5 100644
--- a/sbin/pfctl/pfctl.h
+++ b/sbin/pfctl/pfctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.h,v 1.33 2004/02/19 21:37:01 cedric Exp $ */
+/* $OpenBSD: pfctl.h,v 1.34 2004/04/09 12:42:06 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -86,6 +86,7 @@ int pfctl_command_tables(int, char *[], char *, const char *, char *,
int pfctl_show_altq(int, const char *, int, int);
void warn_namespace_collision(const char *);
int pfctl_show_ifaces(const char *, int);
+FILE *pfctl_fopen(const char *, const char *);
#ifndef DEFAULT_PRIORITY
#define DEFAULT_PRIORITY 1
diff --git a/sbin/pfctl/pfctl_osfp.c b/sbin/pfctl/pfctl_osfp.c
index 6d1fb990257..9276274dce8 100644
--- a/sbin/pfctl/pfctl_osfp.c
+++ b/sbin/pfctl/pfctl_osfp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_osfp.c,v 1.8 2004/02/27 10:42:00 henning Exp $ */
+/* $OpenBSD: pfctl_osfp.c,v 1.9 2004/04/09 12:42:06 cedric Exp $ */
/*
* Copyright (c) 2003 Mike Frantzen <frantzen@openbsd.org>
@@ -97,8 +97,8 @@ pfctl_file_fingerprints(int dev, int opts, const char *fp_filename)
pfctl_flush_my_fingerprints(&classes);
- if ((in = fopen(fp_filename, "r")) == NULL) {
- warn("fopen(%s)", fp_filename);
+ if ((in = pfctl_fopen(fp_filename, "r")) == NULL) {
+ warn("%s", fp_filename);
return (1);
}
class = version = subtype = desc = tcpopts = NULL;
diff --git a/sbin/pfctl/pfctl_radix.c b/sbin/pfctl/pfctl_radix.c
index 04fb4872ef6..c08496bf8b8 100644
--- a/sbin/pfctl/pfctl_radix.c
+++ b/sbin/pfctl/pfctl_radix.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_radix.c,v 1.24 2004/02/10 18:29:30 henning Exp $ */
+/* $OpenBSD: pfctl_radix.c,v 1.25 2004/04/09 12:42:06 cedric Exp $ */
/*
* Copyright (c) 2002 Cedric Berger
@@ -605,7 +605,7 @@ pfr_buf_load(struct pfr_buffer *b, char *file, int nonetwork,
if (!strcmp(file, "-"))
fp = stdin;
else {
- fp = fopen(file, "r");
+ fp = pfctl_fopen(file, "r");
if (fp == NULL)
return (-1);
}