e_util: add function to check whether file is link or not

According to security code guide, before open the file for write it
should be check the file is symbolic link.

Change-Id: I6273b886fe165e1420e8c3619f2b9cda1c0fe150

diff --git a/src/bin/e_comp_wl_input.c b/src/bin/e_comp_wl_input.c
index 8a250da..1f81d90 100644 (file)
--- a/src/bin/e_comp_wl_input.c
+++ b/src/bin/e_comp_wl_input.c
@@ -343,6 +343,11 @@ _e_comp_wl_input_keymap_cache_create(const char *keymap_path, char *keymap_data)
 
    if (keymap_path)
      {
+        if (!e_util_file_realpath_check(keymap_path, EINA_TRUE))
+          {
+             WRN("%s is maybe link, so delete it\n", keymap_path);
+          }
+
         file = fopen(keymap_path, "w");
         EINA_SAFETY_ON_NULL_RETURN(file);
 

diff --git a/src/bin/e_main.c b/src/bin/e_main.c
index ea12c33..11a7025 100644 (file)
--- a/src/bin/e_main.c
+++ b/src/bin/e_main.c
@@ -1267,8 +1267,14 @@ static void
 _e_main_create_wm_ready(void)
 {
    FILE *_wmready_checker = NULL;
+   const char *path_wm_ready = "/run/.wm_ready";
 
-   _wmready_checker = fopen("/run/.wm_ready", "wb");
+   if (!e_util_file_realpath_check(path_wm_ready, EINA_TRUE))
+     {
+        WRN("%s is maybe link, so delete it\n", path_wm_ready);
+     }
+
+   _wmready_checker = fopen(path_wm_ready, "wb");
    if (_wmready_checker)
      {
         TS("[WM] WINDOW MANAGER is READY!!!");
@@ -1277,7 +1283,8 @@ _e_main_create_wm_ready(void)
 
         /*TODO: Next lines should be removed. */
         FILE *_tmp_wm_ready_checker;
-        _tmp_wm_ready_checker = fopen("/tmp/.wm_ready", "wb");
+
+        _tmp_wm_ready_checker = fopen(path_wm_ready, "wb");
 
         if (_tmp_wm_ready_checker)
           {

diff --git a/src/bin/e_module.c b/src/bin/e_module.c
index 594b49b..cf6d8ea 100644 (file)
--- a/src/bin/e_module.c
+++ b/src/bin/e_module.c
@@ -892,8 +892,15 @@ static void
 _e_module_create_wm_start(void)
 {
    FILE *_wm_start_checker = NULL;
+   const char *path_wm_start_run = "/run/wm_start";
+   const char *path_wm_start_tmp = "/tmp/wm_start";
 
-   _wm_start_checker = fopen("/run/wm_start", "wb");
+   if (!e_util_file_realpath_check(path_wm_start_run, EINA_TRUE))
+     {
+        WRN("%s is maybe link, so delete it\n", path_wm_start_run);
+     }
+
+   _wm_start_checker = fopen(path_wm_start_run, "wb");
    if (_wm_start_checker)
      {
         PRCTL("[Winsys] /run/wm_start is created");
@@ -904,7 +911,12 @@ _e_module_create_wm_start(void)
         PRCTL("[Winsys] Failed to create /run/wm_start");
      }
 
-   _wm_start_checker = fopen("/tmp/wm_start", "wb");
+   if (!e_util_file_realpath_check(path_wm_start_tmp, EINA_TRUE))
+     {
+        WRN("%s is maybe link, so delete it\n", path_wm_start_tmp);
+     }
+
+   _wm_start_checker = fopen(path_wm_start_tmp, "wb");
    if (_wm_start_checker)
      {
         PRCTL("[Winsys] /tmp/wm_start is created");

diff --git a/src/bin/e_utils.c b/src/bin/e_utils.c
index 557dfbb..b41dd3c 100644 (file)
--- a/src/bin/e_utils.c
+++ b/src/bin/e_utils.c
@@ -1159,3 +1159,27 @@ e_util_memclear(void *s, size_t n)
 {
    memset_ptr(s, 0, n);
 }
+
+E_API Eina_Bool
+e_util_file_realpath_check(const char* path, Eina_Bool del_link)
+{
+   char *real_path;
+
+   if (!path)
+     return EINA_FALSE;
+
+   real_path = realpath(path, NULL);
+   if (real_path && strncmp(path, real_path, strlen(path)))
+     {
+        if (del_link)
+          unlink(path);
+        free(real_path);
+
+        return EINA_FALSE;
+     }
+
+   if (real_path)
+     free(real_path);
+
+   return EINA_TRUE;
+}
\ No newline at end of file

diff --git a/src/bin/e_utils.h b/src/bin/e_utils.h
index 00ae522..373ad6a 100644 (file)
--- a/src/bin/e_utils.h
+++ b/src/bin/e_utils.h
@@ -36,6 +36,8 @@ E_API const char  *e_util_filename_escape(const char *filename);
 //E_API char        *e_util_shell_env_path_eval(const char *path);
 E_API char        *e_util_size_string_get(off_t size);
 E_API char        *e_util_file_time_get(time_t ftime);
+E_API Eina_Bool    e_util_file_realpath_check(const char* path, Eina_Bool del_link);
+
 E_API Evas_Object *e_util_icon_add(const char *path, Evas *evas);
 //E_API Evas_Object *e_util_desktop_icon_add(Efreet_Desktop *desktop, unsigned int size, Evas *evas);
 E_API Evas_Object *e_util_icon_theme_icon_add(const char *icon_name, unsigned int size, Evas *evas);