Add to check realpath before fopen 91/163391/6 accepted/tizen/unified/20171211.160409 submit/tizen/20171211.080624
authorJiyong Min <jiyong.min@samsung.com>
Mon, 11 Dec 2017 04:04:33 +0000 (13:04 +0900)
committerJiyong Min <jiyong.min@samsung.com>
Mon, 11 Dec 2017 06:27:03 +0000 (06:27 +0000)
Change-Id: If29fb2f6e731625dd2b69fa3a8db404345bb3b72
Signed-off-by: Jiyong Min <jiyong.min@samsung.com>
jpeg/mm_util_jpeg.c
png/mm_util_png.c

index 9f3a271..9a7e028 100755 (executable)
@@ -454,6 +454,7 @@ static void __my_error_exit(j_common_ptr cinfo)
 static int __mm_image_encode_to_jpeg_file_with_libjpeg(const char *pFileName, void *rawdata, int width, int height, mm_util_jpeg_yuv_format fmt, int quality)
 {
        int iErrorCode = MM_UTIL_ERROR_NONE;
+       char *realPATH = NULL;
 
        struct jpeg_compress_struct cinfo;
        struct jpeg_error_mgr jerr;
@@ -477,12 +478,26 @@ static int __mm_image_encode_to_jpeg_file_with_libjpeg(const char *pFileName, vo
 
        jpeg_create_compress(&cinfo);
 
-       if ((fpWriter = fopen(pFileName, "wb")) == NULL) {
-               mm_util_error("[infile] file open [%s] failed", pFileName);
-               mm_util_stderror("file open failed");
+       realPATH = realpath(pFileName, NULL);
+       if (realPATH == NULL) {
+               mm_util_error("realpath failed");
+               return MM_UTIL_ERROR_NO_SUCH_FILE;
+       }
+       if (!strncmp(pFileName, realPATH, strlen(pFileName))) {
+               if ((fpWriter = fopen(pFileName, "wb")) == NULL) {
+                       mm_util_error("[infile] file open [%s] failed", pFileName);
+                       mm_util_stderror("file open failed");
+                       MMUTIL_SAFE_FREE(realPATH);
+                       return MM_UTIL_ERROR_NO_SUCH_FILE;
+               }
+       } else {
+               mm_util_error("[infile] file [%s] is symlink", pFileName);
+               MMUTIL_SAFE_FREE(realPATH);
                return MM_UTIL_ERROR_NO_SUCH_FILE;
        }
 
+       MMUTIL_SAFE_FREE(realPATH);
+
        jpeg_stdio_dest(&cinfo, fpWriter);
        cinfo.image_width = width;
        cinfo.image_height = height;
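Review bot: The symlink check added in `__mm_image_encode_to_jpeg_file_with_libjpeg` resolves the path and then opens it by name in a separate step, so the path can be swapped for a symlink between `realpath()` and `fopen()`. In addition, `strncmp(pFileName, realPATH, strlen(pFileName))` is only a prefix match and rejects every relative path. `realpath()` also fails when the output file does not exist yet, so encoding to a new file now returns `MM_UTIL_ERROR_NO_SUCH_FILE`. I would let the open itself refuse the link with `O_NOFOLLOW` and wrap the descriptor with `fdopen()`, as sketched below; this needs `<fcntl.h>` and `<unistd.h>` if the file does not already include them, and `O_NOFOLLOW` covers only the final path component, not symlinked parent directories. The same pattern is added to `mm_util_encode_to_png_file` in png/mm_util_png.c, and the function body here starts and ends outside this hunk.

```c
	/* … unchanged: jpeg_create_compress(&cinfo) … */

	/* O_NOFOLLOW makes the open fail (ELOOP) if the final component is a
	 * symlink, so the check and the open are one atomic step. */
	int fd = open(pFileName, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0666);
	if (fd < 0) {
		mm_util_error("[infile] file open [%s] failed", pFileName);
		mm_util_stderror("file open failed");
		return MM_UTIL_ERROR_NO_SUCH_FILE;
	}
	if ((fpWriter = fdopen(fd, "wb")) == NULL) {
		mm_util_stderror("file open failed");
		close(fd);
		return MM_UTIL_ERROR_NO_SUCH_FILE;
	}

	/* … unchanged: jpeg_stdio_dest and cinfo setup … */
```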
index 80cb8d3..9f08ca8 100755 (executable)
@@ -474,11 +474,34 @@ int write_png(void **data, mm_util_png_data *encoded, FILE *fp)
 int mm_util_encode_to_png_file(void **data, mm_util_png_data *encoded, const char *fpath)
 {
        int ret = MM_UTIL_ERROR_NONE;
+       char *realPATH = NULL;
        FILE *fp;
 
        mm_util_debug("mm_util_encode_to_png");
-       if ((fp = fopen(fpath, "w")) == NULL)
+
+       if (fpath == NULL) {
+               mm_util_error("Invalid parameter");
+               return MM_UTIL_ERROR_NO_SUCH_FILE;
+       }
+
+       realPATH = realpath(fpath, NULL);
+       if (realPATH == NULL) {
+               mm_util_error("realpath failed");
+               return MM_UTIL_ERROR_NO_SUCH_FILE;
+       }
+
+       if (!strncmp(fpath, realPATH, strlen(fpath))) {
+               if ((fp = fopen(fpath, "w")) == NULL) {
+                       mm_util_stderror("file open failed");
+                       MMUTIL_SAFE_FREE(realPATH);
+                       return MM_UTIL_ERROR_NO_SUCH_FILE;
+               }
+       } else {
+               mm_util_error("file is symbolic link");
+               MMUTIL_SAFE_FREE(realPATH);
                return MM_UTIL_ERROR_NO_SUCH_FILE;
+       }
+       MMUTIL_SAFE_FREE(realPATH);
 
        ret = write_png(data, encoded, fp);