[SATDEVKIT-2522]Symbolic link issues handled

[sdk/target/sdbd.git] / src / sdb.c

diff --git a/src/sdb.c b/src/sdb.c
index ba6e1ac..68e20f4 100644 (file)
--- a/src/sdb.c
+++ b/src/sdb.c
@@ -1307,16 +1307,26 @@ static void booting_done_signal_subscriber(GDBusConnection *connection,
 
     D("received the \"%s\" signal\n", signal);
 
+    char cRealPath[PATH_MAX]= {0, };
     booting_done = 1;
     if (access(SDBD_BOOT_INFO_FILE, F_OK) == 0) {
         I("booting is already done\n");
     } else {
         FILE *info_file = fopen(SDBD_BOOT_INFO_FILE, "w");
         if (info_file != NULL) {
-            fprintf(info_file, "%d", 1);
-            fclose(info_file);
+               if (realpath(SDBD_BOOT_INFO_FILE, cRealPath) != NULL) {
+                        if (strcmp(SDBD_BOOT_INFO_FILE, cRealPath) == 0) {
+                                fprintf(info_file, "%d", 1);
+                                I("booting is done\n");
+                        } else {
+                                D("Path has symbolic link, security risk \n");
+                                return;
+                        }
+               } else {
+                       D("Getting realpath failed\n");
+               }
+               fclose(info_file);
         }
-        I("booting is done\n");
     }
 
     I("handled the booting done signal\n");