+ else if(strcmp(node[i]->element,xml_prefilter_cmd) == 0)
+ {
+ char cmd[OS_MAXSTR];
+ struct stat statbuf;
+
+ #ifdef WIN32
+ ExpandEnvironmentStrings(node[i]->content, cmd, sizeof(cmd) -1);
+ #else
+ strncpy(cmd, node[i]->content, sizeof(cmd)-1);
+ #endif
+
+ if (strlen(cmd) > 0) {
+ char statcmd[OS_MAXSTR];
+ char *ix;
+ strncpy(statcmd, cmd, sizeof(statcmd)-1);
+ if (NULL != (ix = strchr(statcmd, ' '))) { *ix = '\0'; }
+ if (stat(statcmd, &statbuf) == 0) {
+ // More checks needed (perms, owner, etc.)
+ os_calloc(1, strlen(cmd)+1, syscheck->prefilter_cmd);
+ strncpy(syscheck->prefilter_cmd, cmd, strlen(cmd));
+ }
+ else
+ {
+ merror(XML_VALUEERR,ARGV0, node[i]->element, node[i]->content);
+ return(OS_INVALID);
+ }
+ }
+ }