Fix security issue

Change-Id: I5c2742843ddfb86cb5c052e8abaeba9739319466
Signed-off-by: Suyeon Hwang <stom.hwang@samsung.com>

diff --git a/common/vc_config_parser.c b/common/vc_config_parser.c
index eb9c867..f8ed365 100644 (file)
--- a/common/vc_config_parser.c
+++ b/common/vc_config_parser.c
@@ -54,7 +54,7 @@ static int __vc_config_parser_set_file_mode(const char* filename)
                return -1;
        }
 
-       if (0 > chmod(filename, 0666)) {
+       if (0 > chmod(filename, 0600)) {
                SLOG(LOG_ERROR, vc_config_tag(), "[ERROR] Fail to change file mode");
                return -1;
        }

diff --git a/common/vc_info_parser.c b/common/vc_info_parser.c
index 566e83b..8fda8ae 100644 (file)
--- a/common/vc_info_parser.c
+++ b/common/vc_info_parser.c
@@ -77,7 +77,7 @@ static int __vc_info_parser_set_file_mode(const char* filename)
                return -1;
        }
 
-       if (0 > chmod(filename, 0666)) {
+       if (0 > chmod(filename, 0600)) {
                SLOG(LOG_ERROR, vc_info_tag(), "[ERROR] Fail to change file mode");
                return -1;
        }

diff --git a/server/vcd_recorder.c b/server/vcd_recorder.c
index f701b47..a1dfd2b 100644 (file)
--- a/server/vcd_recorder.c
+++ b/server/vcd_recorder.c
@@ -837,11 +837,27 @@ int vcd_recorder_start()
        char normal_file_name[128] = {'\0',};
        g_count++;
 
-       snprintf(normal_file_name, sizeof(normal_file_name), "/tmp/vc_normal_%d_%d", getpid(), g_count);
+       while (1) {
+               snprintf(normal_file_name, sizeof(normal_file_name), "/tmp/vc_normal_%d_%d", getpid(), g_count);
+               ret = access(normal_file_name, 0);
+
+               if (0 == ret) {
+                       SLOG(LOG_ERROR, TAG_VCD, "[Recorder ERROR] File is already exist");
+                       if (0 == remove(normal_file_name)) {
+                               SLOG(LOG_DEBUG, TAG_VCD, "[Recorder] Remove file");
+                               break;
+                       } else {
+                               g_count++;
+                       }
+               } else {
+                       break;
+               }
+       }
+
        SLOG(LOG_DEBUG, TAG_VCD, "[Recorder] File normal name : %s", normal_file_name);
 
        /* open test file */
-       g_normal_file = fopen(normal_file_name, "wb+");
+       g_normal_file = fopen(normal_file_name, "wb+x");
        if (!g_normal_file) {
                SLOG(LOG_ERROR, TAG_VCD, "[Recorder ERROR] File not found!");
        }