diff --git a/ChangeLog.txt b/ChangeLog.txt
index 1adb1d45c0..92a0f8374a 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -24,6 +24,8 @@ Broker:
 These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed.
+- Fix broker not quiting if e.g. the `password_file` is specified as a
+ directory. Closes #2241.
 Client library:
 - If a client uses TLS-PSK then force the default cipher list to use "PSK"
diff --git a/lib/misc_mosq.c b/lib/misc_mosq.c
index 7f18bd500b..65ddb93a1a 100644
--- a/lib/misc_mosq.c
+++ b/lib/misc_mosq.c
@@ -37,6 +37,7 @@ SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
 #endif
 #include "misc_mosq.h"
+#include "logging_mosq.h"
 FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read)
@@ -116,6 +117,16 @@ FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read)
 }
 }
 #else
+ struct stat statbuf;
+ if(stat(path, &statbuf) < 0){
+ return NULL;
+ }
+
+ if(!S_ISREG(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)){
+ log__printf(NULL, MOSQ_LOG_ERR, "Error: %s is not a file.", path);
+ return NULL;
+ }
+
 if (restrict_read) {
 FILE *fptr;
 mode_t old_mask;
@@ -164,7 +175,7 @@ char *fgets_extending(char **buf, int *buflen, FILE *stream)
 do{
 rc = fgets(&((*buf)[offset]), (*buflen)-offset, stream);
- if(feof(stream)){
+ if(feof(stream) || rc == NULL){
 return rc;
 }
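Review bot: In the non-Windows branch of mosquitto__fopen (lib/misc_mosq.c, hunk at -116) the new `stat(path, &statbuf)` runs before the open and returns NULL for any path that does not exist yet, and nothing in the check looks at `mode`, so a caller that opens a file for writing in order to create it would now fail; the callers are outside this diff, so this needs confirming against them. The check is also made on the path name rather than on the opened stream, so the object can be swapped between `stat()` and `fopen()`, and because `stat()` follows symlinks, `S_ISLNK(statbuf.st_mode)` can never be true here. Opening first and then testing the stream with `fstat(fileno(fptr), &statbuf)` and only `S_ISREG` addresses all three points. The function body starts and ends outside the hunk, so the sketch below assumes both open branches can be made to leave the stream in a single `fptr`.

```c
#else
	struct stat statbuf;
	/* … unchanged: restrict_read / plain fopen() branches, result stored in fptr … */
	if(fptr == NULL){
		return NULL;
	}
	/* Validate the object that was actually opened, not the path name. */
	if(fstat(fileno(fptr), &statbuf) < 0){
		fclose(fptr);
		return NULL;
	}
	if(!S_ISREG(statbuf.st_mode)){
		log__printf(NULL, MOSQ_LOG_ERR, "Error: %s is not a file.", path);
		fclose(fptr);
		return NULL;
	}
	return fptr;
```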
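Review bot: The added `rc == NULL` exit in fgets_extending (hunk at -164) carries no comment, and a reader cannot tell from `feof(stream) || rc == NULL` that the second half is the read-error path. I would put this above the test: `/* fgets() returns NULL on a read error without setting EOF (presumably the directory case from #2241); stop instead of retrying. */`. Callers still receive NULL for both end-of-file and a read error, so any caller that needs to tell them apart has to check `ferror(stream)` itself. The rest of the loop lies outside the hunk.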