The fopen is vulnerable to hacker's attack.
authorShinwoo Kim <cinoo.kim@samsung.com>
Fri, 11 Sep 2015 12:17:56 +0000 (21:17 +0900)
committerTomasz Olszak <t.olszak@samsung.com>
Fri, 11 Sep 2015 13:28:34 +0000 (22:28 +0900)
[Example]
A hacker could do the following:
 $ rm /tmp/temp.txt
 $ ln -s /etc/passwd /tmp/temp.txt

[Reference]
 - http://research.cs.wisc.edu/mist/presentations/kupsch_miller_secse08.pdf
 - http://ocean.kisti.re.kr/downfile/volume/kips/JBCREI/2008/v15An1/JBCREI_2008_v15An1_45.pdf

Change-Id: I9a9b6a88f9ef7f520790cacaff0ced4ef9705828

src/main.c

index 3db2a97..f2aa9ab 100644 (file)
@@ -148,8 +148,14 @@ void posix_signal_handler(int sig, siginfo_t * siginfo, void *context)
        if (log_file) {
                (void)context;
                print_warning(sig, siginfo, stderr);
-               print_warning(sig, siginfo, log_file);
-               posix_print_stack_trace(log_file);
+
+               /* check file if it is symbolic link */
+               struct stat lstat_info;
+               if (lstat(file_name, &lstat_info) != -1) {
+                       print_warning(sig, siginfo, log_file);
+                       posix_print_stack_trace(log_file);
+               }
+
                fclose(log_file);
                log_file = NULL;
        }
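Review bot: The new guard `lstat(file_name, &lstat_info) != -1` only confirms that the path can be stat'ed and never inspects `lstat_info.st_mode`, so a symbolic link at `file_name` passes it just like a regular file, and the comment above it overstates what is checked. At minimum the condition should be `if (lstat(file_name, &lstat_info) == 0 && S_ISREG(lstat_info.st_mode)) {`. Even then the check runs after `log_file` has already been opened (the open is outside this hunk), so it presumably cannot stop the open itself from following a link, and a path-based check can be raced between the check and the write. The durable fix is at the open site, for example `open(file_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600)` followed by `fdopen()`, or comparing `fstat(fileno(log_file), ...)` device and inode against the `lstat` result before writing. posix_signal_handler begins and ends outside the hunk.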