Use absolute path of where .so is

Loading a library dynamically without specifying an absolute path could
allow an attacker to link a malicious library by changing
`$LD_LIBRARY_PATH` or other aspects of the program's execution
environment

Change-Id: I664e7530b9ffb8415a2d5b38ed8c2988f901f533
Signed-off-by: MyoungJune Park <mj2004.park@samsung.com>

diff --git a/collation.c b/collation.c
index 5b38fb5..93e3320 100644 (file)
--- a/collation.c
+++ b/collation.c
@@ -54,6 +54,7 @@
                        }while(0)
 
 #define DB_UTIL_ERR_COL_FUNC_RET DB_UTIL_ERROR
+#define ICUI18N_LIBPATH "/usr/lib/libicui18n.so"
 
 enum {
        DB_UTIL_ERR_DLOPEN = -10,
@@ -118,7 +119,7 @@ static int __db_util_dl_load_icu()
        };
 
        if(g_dl_icu_handle == NULL) {
-               g_dl_icu_handle = dlopen("libicui18n.so", RTLD_LAZY | RTLD_GLOBAL);
+               g_dl_icu_handle = dlopen(ICUI18N_LIBPATH, RTLD_LAZY | RTLD_GLOBAL);
                if(g_dl_icu_handle == NULL) {
                        DB_UTIL_TRACE_WARNING("dlopen icu so fail");
                        return DB_UTIL_ERR_DLOPEN;