| -rw-r--r-- | README.md | 3 | ||||
| -rw-r--r-- | main.c | 30 |
2 files changed, 25 insertions, 8 deletions
@@ -1,8 +1,9 @@ # Vault +Note: This software is WIP. There may be bugs or unintended behavior. + Vault is an opinionated web-based file manager. It is built in C for OpenBSD around the CGI standard, following these main principles: -* __secure__: a great amount of time has been devoted to avoid undefined behaviour and security issues * __simple__: browse, create and delete folders; download and upload files. JavaScript support is optional on the client side and its absence should be handled gracefully. Everything should work from a terminal-based web browser * __fast__: with the server running on an ARM SBC, there should not be any noticeable delay when loading a page 
@@ -63,34 +63,48 @@ main(void) enum kcgi_err parse_err; struct kreq r; - if (kutil_openlog(LOG_FILE) == 0) + if (kutil_openlog(LOG_FILE) == 0) { http_exit(NULL, KHTTP_500, "Unable to open %s", LOG_FILE); + return EXIT_SUCCESS; + } parse_err = khttp_parse(&r, NULL, 0, pages, PAGE__MAX, PAGE_BROWSE); - if (parse_err != KCGI_OK) + if (parse_err != KCGI_OK) { http_exit(NULL, KHTTP_500, "Unable to parse request: %s", kcgi_strerror(parse_err)); + return EXIT_SUCCESS; + } data_dir = config_data_dir(); - if (data_dir == NULL) + if (data_dir == NULL) { http_exit(NULL, KHTTP_500, "Data dir not configured"); + goto end; + } /* A bit of security cannot hurt */ if (-1 == unveil(data_dir, "rwc") || -1 == unveil(TEMPLATE_DIR, "r") - || -1 == unveil(NULL, NULL)) + || -1 == unveil(NULL, NULL)) { http_exit(&r, KHTTP_500, "Unveil failed: %s", strerror(errno)); - if (-1 == pledge("stdio rpath wpath cpath", NULL)) + goto end; + } + if (-1 == pledge("stdio rpath wpath cpath", NULL)) { http_exit(&r, KHTTP_500, "Pledge failed: %s", strerror(errno)); + goto end; + } /* * Make sure basic request parameters are as expected : GET or POST, * valid page and HTML document */ - if (r.method != KMETHOD_GET && r.method != KMETHOD_POST) + if (r.method != KMETHOD_GET && r.method != KMETHOD_POST) { http_exit(&r, KHTTP_405, NULL); - if (r.page == PAGE__MAX) + goto end; + } + if (r.page == PAGE__MAX) { http_exit(&r, KHTTP_404, NULL); + goto end; + } switch (r.page) { case PAGE_BROWSE: @@ -109,8 +123,10 @@ main(void) break; default: http_exit(&r, KHTTP_404, NULL); + goto end; } +end: khttp_free(&r); return EXIT_SUCCESS; |
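Review bot: Every failure branch in main(), including a failed `unveil()` or `pledge()`, still ends in `return EXIT_SUCCESS` (directly for the first two checks, via the `end:` label added in the second hunk for the rest), so the exit status never reflects that sandbox setup failed. Carry a status instead: `int rc = EXIT_FAILURE;` at the top, `rc = EXIT_SUCCESS;` only on the path that served the request, and `return rc;` at `end:`. The added `return`/`goto end` lines suggest `http_exit()` now returns to its caller (its definition is not in this diff), so fail-closed behaviour depends on every check remembering the jump; a comment above the unveil/pledge block such as `/* http_exit() returns: each failed check must goto end, nothing may run unsandboxed */` would protect later edits. The `data_dir == NULL` branch still passes `NULL` rather than `&r` although the request has been parsed by then, which is worth confirming as intended. main()'s body starts before the first hunk and continues between the two hunks.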
