e_util: add function to check whether file is link or not

According to security code guide, before open the file for write it
should be check the file is symbolic link.

Change-Id: I6273b886fe165e1420e8c3619f2b9cda1c0fe150

diff --git a/src/bin/e_comp_wl_input.c b/src/bin/e_comp_wl_input.c
index 8a250da710630993722b1a0bb48ccea1a2573c87..1f81d900291bcf651731c09406dda7de53d185d5 100644 (file)
--- a/src/bin/e_comp_wl_input.c
+++ b/src/bin/e_comp_wl_input.c
@@ -343,6 +343,11 @@ _e_comp_wl_input_keymap_cache_create(const char *keymap_path, char *keymap_data)
 
    if (keymap_path)
      {
+        if (!e_util_file_realpath_check(keymap_path, EINA_TRUE))
+          {
+             WRN("%s is maybe link, so delete it\n", keymap_path);
+          }
+
         file = fopen(keymap_path, "w");
         EINA_SAFETY_ON_NULL_RETURN(file);
 

diff --git a/src/bin/e_main.c b/src/bin/e_main.c
index ea12c33f196c8641382cd1b7889906b26cb81442..11a702560123245af4e28f0304fd0f6759cb9480 100644 (file)
--- a/src/bin/e_main.c
+++ b/src/bin/e_main.c
@@ -1267,8 +1267,14 @@ static void
 _e_main_create_wm_ready(void)
 {
    FILE *_wmready_checker = NULL;
+   const char *path_wm_ready = "/run/.wm_ready";
 
-   _wmready_checker = fopen("/run/.wm_ready", "wb");
+   if (!e_util_file_realpath_check(path_wm_ready, EINA_TRUE))
+     {
+        WRN("%s is maybe link, so delete it\n", path_wm_ready);
+     }
+
+   _wmready_checker = fopen(path_wm_ready, "wb");
    if (_wmready_checker)
      {
         TS("[WM] WINDOW MANAGER is READY!!!");
@@ -1277,7 +1283,8 @@ _e_main_create_wm_ready(void)
 
         /*TODO: Next lines should be removed. */
         FILE *_tmp_wm_ready_checker;
-        _tmp_wm_ready_checker = fopen("/tmp/.wm_ready", "wb");
+
+        _tmp_wm_ready_checker = fopen(path_wm_ready, "wb");
 
         if (_tmp_wm_ready_checker)
           {

diff --git a/src/bin/e_module.c b/src/bin/e_module.c
index 594b49b41299887b95500e47b7cedebcb6d8830e..cf6d8ead4c0bff584decd75e9db2d61aa90548c6 100644 (file)
--- a/src/bin/e_module.c
+++ b/src/bin/e_module.c
@@ -892,8 +892,15 @@ static void
 _e_module_create_wm_start(void)
 {
    FILE *_wm_start_checker = NULL;
+   const char *path_wm_start_run = "/run/wm_start";
+   const char *path_wm_start_tmp = "/tmp/wm_start";
 
-   _wm_start_checker = fopen("/run/wm_start", "wb");
+   if (!e_util_file_realpath_check(path_wm_start_run, EINA_TRUE))
+     {
+        WRN("%s is maybe link, so delete it\n", path_wm_start_run);
+     }
+
+   _wm_start_checker = fopen(path_wm_start_run, "wb");
    if (_wm_start_checker)
      {
         PRCTL("[Winsys] /run/wm_start is created");
@@ -904,7 +911,12 @@ _e_module_create_wm_start(void)
         PRCTL("[Winsys] Failed to create /run/wm_start");
      }
 
-   _wm_start_checker = fopen("/tmp/wm_start", "wb");
+   if (!e_util_file_realpath_check(path_wm_start_tmp, EINA_TRUE))
+     {
+        WRN("%s is maybe link, so delete it\n", path_wm_start_tmp);
+     }
+
+   _wm_start_checker = fopen(path_wm_start_tmp, "wb");
    if (_wm_start_checker)
      {
         PRCTL("[Winsys] /tmp/wm_start is created");

diff --git a/src/bin/e_utils.c b/src/bin/e_utils.c
index 557dfbbb360aa0c33b89c490a55fbb1432a2054e..b41dd3c88b8997560cdf371e8608d72f3bfda567 100644 (file)
--- a/src/bin/e_utils.c
+++ b/src/bin/e_utils.c
@@ -1159,3 +1159,27 @@ e_util_memclear(void *s, size_t n)
 {
    memset_ptr(s, 0, n);
 }
+
+E_API Eina_Bool
+e_util_file_realpath_check(const char* path, Eina_Bool del_link)
+{
+   char *real_path;
+
+   if (!path)
+     return EINA_FALSE;
+
+   real_path = realpath(path, NULL);
+   if (real_path && strncmp(path, real_path, strlen(path)))
+     {
+        if (del_link)
+          unlink(path);
+        free(real_path);
+
+        return EINA_FALSE;
+     }
+
+   if (real_path)
+     free(real_path);
+
+   return EINA_TRUE;
+}
\ No newline at end of file

diff --git a/src/bin/e_utils.h b/src/bin/e_utils.h
index 00ae522a51e4fb93b3de80ec58a4cbdb0b81b095..373ad6a8baed7aea7a5d950e587eb0bf90cb9905 100644 (file)
--- a/src/bin/e_utils.h
+++ b/src/bin/e_utils.h
@@ -36,6 +36,8 @@ E_API const char  *e_util_filename_escape(const char *filename);
 //E_API char        *e_util_shell_env_path_eval(const char *path);
 E_API char        *e_util_size_string_get(off_t size);
 E_API char        *e_util_file_time_get(time_t ftime);
+E_API Eina_Bool    e_util_file_realpath_check(const char* path, Eina_Bool del_link);
+
 E_API Evas_Object *e_util_icon_add(const char *path, Evas *evas);
 //E_API Evas_Object *e_util_desktop_icon_add(Efreet_Desktop *desktop, unsigned int size, Evas *evas);
 E_API Evas_Object *e_util_icon_theme_icon_add(const char *icon_name, unsigned int size, Evas *evas);