From b5a7a631e7d68c5df8a4510c8788331832c8f5e5 Mon Sep 17 00:00:00 2001
From: Joris Vink
Date: Sun, 2 Feb 2025 14:08:37 +0100
Subject: [PATCH] Be more pedantic about file opens.
---
 src/utils.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/utils.c b/src/utils.c
index 8145f6d..d6024de 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -399,6 +399,7 @@ int
 sanctum_file_open(const char *path)
 {
 int fd;
+ struct stat st;

 PRECOND(path != NULL);

@@ -408,6 +409,20 @@ sanctum_file_open(const char *path)
 return (-1);
 }

+ if (fstat(fd, &st) == -1) {
+ sanctum_log(LOG_NOTICE,
+ "failed to fstat '%s': %s", path, errno_s);
+ (void)close(fd);
+ return (-1);
+ }
+
+ if (!S_ISREG(st.st_mode)) {
+ sanctum_log(LOG_NOTICE,
+ "'%s': not a regular file", path);
+ (void)close(fd);
+ return (-1);
+ }
+
 return (fd);
 }
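Review bot: The `S_ISREG` check in the second hunk runs only after open() has already returned, so it cannot keep the open itself from blocking on a FIFO or from touching a device node; the open() call and its flags sit between the two hunks and are not visible here, so whether this matters depends on what is passed there. If the flags do not already include them, consider `O_NONBLOCK` (which has no effect on regular files) and, if symlinks should be refused too, `O_NOFOLLOW`, because fstat() reports the type of the link target rather than the link. Calling fstat() on the descriptor instead of stat() on the path is the right choice, since it checks the object that was actually opened and leaves no check/use window; a short comment above the first new block, such as `/* fstat() the fd, not the path, so the check covers the file actually opened */`, would record that intent. sanctum_file_open's body starts outside this hunk.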