===================================================================
RCS file: /cvs/mandoc/mandocdb.c,v
retrieving revision 1.267
retrieving revision 1.272
diff -u -p -r1.267 -r1.272
--- mandoc/mandocdb.c	2020/04/03 11:35:01	1.267
+++ mandoc/mandocdb.c	2023/04/28 19:11:03	1.272
@@ -1,6 +1,6 @@
-/* $Id: mandocdb.c,v 1.267 2020/04/03 11:35:01 schwarze Exp $ */
+/* $Id: mandocdb.c,v 1.272 2023/04/28 19:11:03 schwarze Exp $ */
 /*
- * Copyright (c) 2011-2020 Ingo Schwarze <schwarze@openbsd.org>
+ * Copyright (c) 2011-2021 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2016 Ed Maste <emaste@freebsd.org>
  *
@@ -165,6 +165,9 @@ static	void	 putkey(const struct mpage *, char *, uint
 static	void	 putkeys(const struct mpage *, char *, size_t, uint64_t);
 static	void	 putmdockey(const struct mpage *,
 			const struct roff_node *, uint64_t, int);
+#ifdef READ_ALLOWED_PATH
+static	int	 read_allowed(const char *);
+#endif
 static	int	 render_string(char **, size_t *);
 static	void	 say(const char *, const char *, ...)
 			__attribute__((__format__ (__printf__, 2, 3)));
@@ -529,6 +532,9 @@ out:
 	mpages_free();
 	ohash_delete(&mpages);
 	ohash_delete(&mlinks);
+#if DEBUG_MEMORY
+	mandoc_dbg_finish();
+#endif
 	return exitcode;
 usage:
 	progname = getprogname();
@@ -612,8 +618,8 @@ treescan(void)
 				continue;
 			}
 			if (strncmp(buf, basedir, basedir_len) != 0
-#ifdef HOMEBREWDIR
-			    && strncmp(buf, HOMEBREWDIR, strlen(HOMEBREWDIR))
+#ifdef READ_ALLOWED_PATH
+			    && !read_allowed(buf)
 #endif
 			) {
 				if (warnings) say("",
@@ -626,6 +632,8 @@ treescan(void)
 					say(path, "&stat");
 				continue;
 			}
+			if ((ff->fts_statp->st_mode & S_IFMT) != S_IFREG)
+				continue;
 			/* FALLTHROUGH */
 
 		/*
@@ -796,7 +804,7 @@ filescan(const char *infile)
 	 * We have to do lstat(2) before realpath(3) loses
 	 * the information whether this is a symbolic link.
 	 * We need to know that because for symbolic links,
-	 * we want to use the orginal file name, while for
+	 * we want to use the original file name, while for
 	 * regular files, we want to use the real path.
 	 */
 	if (lstat(infile, &st) == -1) {
@@ -823,8 +831,8 @@ filescan(const char *infile)
 		start = usefile;
 	else if (strncmp(usefile, basedir, basedir_len) == 0)
 		start = usefile + basedir_len;
-#ifdef HOMEBREWDIR
-	else if (strncmp(usefile, HOMEBREWDIR, strlen(HOMEBREWDIR)) == 0)
+#ifdef READ_ALLOWED_PATH
+	else if (read_allowed(usefile))
 		start = usefile;
 #endif
 	else {
@@ -2246,11 +2254,11 @@ dbwrite(struct dba *dba)
 		say(tfn, "&dba_write");
 		goto err;
 	}
-	if ((fd1 = open(MANDOC_DB, O_RDONLY, 0)) == -1) {
+	if ((fd1 = open(MANDOC_DB, O_RDONLY)) == -1) {
 		say(MANDOC_DB, "&open");
 		goto err;
 	}
-	if ((fd2 = open(tfn, O_RDONLY, 0)) == -1) {
+	if ((fd2 = open(tfn, O_RDONLY)) == -1) {
 		say(tfn, "&open");
 		goto err;
 	}
@@ -2380,6 +2388,25 @@ set_basedir(const char *targetdir, int report_baddir)
 	}
 	return 1;
 }
+
+#ifdef READ_ALLOWED_PATH
+static int
+read_allowed(const char *candidate)
+{
+	const char	*cp;
+	size_t		 len;
+
+	for (cp = READ_ALLOWED_PATH;; cp += len) {
+		while (*cp == ':')
+			cp++;
+		if (*cp == '\0')
+			return 0;
+		len = strcspn(cp, ":");
+		if (strncmp(candidate, cp, len) == 0)
+			return 1;
+	}
+}
+#endif
 
 static void
 say(const char *file, const char *format, ...)