replace getenv with vconf call for security issues

- it's more safe than calling getenv to deal with Security issue.

Change-Id: I05e533af9f78d7ed6860ae666dce1f6b1d9f1e3a

diff --git a/CMakeLists.txt b/CMakeLists.txt
index eb292f3..015a70c 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -17,6 +17,7 @@ pkg_check_modules(pkgs REQUIRED
        dlog
        glib-2.0
        icu-i18n
+       vconf
 )
 
 FOREACH(flag ${pkgs_CFLAGS})

diff --git a/collation.c b/collation.c
index b950c33..cc692ca 100644 (file)
--- a/collation.c
+++ b/collation.c
@@ -36,6 +36,7 @@
 #include "collation.h"
 
 #include "db-util-debug.h"
+#include <vconf.h>
 
 #define DB_UTIL_RETV_IF(cond,ret) \
                        do {\
@@ -488,8 +489,15 @@ int db_util_create_collation(
        ret = __db_util_dl_load_icu();
        DB_UTIL_RETV_IF(ret != DB_UTIL_OK, DB_UTIL_ERROR);
 
+       const char *lang = vconf_get_str(VCONFKEY_LANGSET);
        /* get current locale */
-       icu_symbol.icu_uloc_setDefault((const char*)getenv("LANG"), &status);
+       if (lang) {
+               icu_symbol.icu_uloc_setDefault(lang, &status);
+               free(lang);
+       } else {
+               DB_UTIL_TRACE_WARNING("Fail to get current language vconf : %d", DB_UTIL_ERR_ENV);
+               return DB_UTIL_ERROR;
+       }
        locale = icu_symbol.icu_uloc_getDefault();
        if(locale == NULL) {
                DB_UTIL_TRACE_WARNING("Fail to get current locale : %d", DB_UTIL_ERR_ENV);

diff --git a/packaging/libslp-db-util.spec b/packaging/libslp-db-util.spec
index 28ffe84..84ef3fe 100755 (executable)
--- a/packaging/libslp-db-util.spec
+++ b/packaging/libslp-db-util.spec
@@ -12,6 +12,7 @@ BuildRequires:  pkgconfig(dlog)
 BuildRequires:  pkgconfig(glib-2.0)
 BuildRequires:  pkgconfig(icu-i18n)
 BuildRequires:  pkgconfig(sqlite3)
+BuildRequires:  pkgconfig(vconf)
 
 %description
 DB Utility.