Added validation for path existence on CLI options.

Author: allinurl

src/options.c

@@ -779,12 +779,24 @@ parse_long_opt (const char *name, const char *oarg) {
     conf.restore = 1;
 
   /* TLS/SSL certificate */
-  if (!strcmp ("ssl-cert", name))
+  if (!strcmp("ssl-cert", name)) {
+    // Check if the SSL certificate file exists and is readable
+    if (access(oarg, F_OK) != 0)
+      FATAL("SSL certificate file does not exist");
+    if (access(oarg, R_OK) != 0)
+      FATAL("SSL certificate file is not accessible");
     conf.sslcert = oarg;
+  }
 
   /* TLS/SSL private key */
-  if (!strcmp ("ssl-key", name))
+  if (!strcmp("ssl-key", name)) {
+    // Check if the SSL private key file exists and is readable
+    if (access(oarg, F_OK) != 0)
+      FATAL("SSL key file does not exist");
+    if (access(oarg, R_OK) != 0)
+      FATAL("SSL key file is not accessible");
     conf.sslkey = oarg;
+  }
 
   /* timezone */
   if (!strcmp ("tz", name))
@@ -962,8 +974,15 @@ parse_long_opt (const char *name, const char *oarg) {
   }
 
   /* specifies the path of the database file */
-  if (!strcmp ("db-path", name))
+  if (!strcmp("db-path", name)) {
+    struct stat st;
+    // Check if the directory exists and is accessible
+    if (stat(oarg, &st) != 0 || !S_ISDIR(st.st_mode)) {
+      perror("Database path does not exist or is not a directory");
+      return -1;  // Return error or handle as appropriate
+    }
     conf.db_path = oarg;
+  }
 
   /* specifies the regex to extract the virtual host */
   if (!strcmp ("fname-as-vhost", name) && oarg && *oarg != '\0')
@@ -1186,4 +1205,8 @@ read_option_args (int argc, char **argv) {
         ("--ws-auth-refresh-url requires both --ws-auth with verify and --ws-auth-url to be set.");
     }
   }
+  // Ensure that both ssl-cert and ssl-key are either both set or both unset
+  if ((conf.sslcert && !conf.sslkey) || (!conf.sslcert && conf.sslkey)) {
+    FATAL("Both --ssl-cert and --ssl-key must be set and accessible.");
+  }
 }