[Subplugin] check symlink before getting handle

Add code to check symlink before open file handle.
(fix one of security issues)

Signed-off-by: Jaeyun Jung <jy1210.jung@samsung.com>

diff --git a/gst/nnstreamer/nnstreamer_subplugin.c b/gst/nnstreamer/nnstreamer_subplugin.c
index 04c09ee..2a4c3d9 100644 (file)
--- a/gst/nnstreamer/nnstreamer_subplugin.c
+++ b/gst/nnstreamer/nnstreamer_subplugin.c
@@ -74,7 +74,10 @@ get_subplugin (subpluginType type, const char *name)
     /* Search and register if found with the conf */
     const gchar *fullpath = nnsconf_get_fullpath (name, type);
 
-    if (fullpath == NULL)
+    /**
+     * @todo Consider to add option to open symbolic link file and version-specified library name.
+     */
+    if (fullpath == NULL || g_file_test (fullpath, G_FILE_TEST_IS_SYMLINK))
       goto error;               /* No Such Thing !!! */
 
     G_UNLOCK (splock);

diff --git a/gst/nnstreamer/tensor_filter/tensor_filter_custom.c b/gst/nnstreamer/tensor_filter/tensor_filter_custom.c
index 7f94bee..9a8f47d 100644 (file)
--- a/gst/nnstreamer/tensor_filter/tensor_filter_custom.c
+++ b/gst/nnstreamer/tensor_filter/tensor_filter_custom.c
@@ -70,6 +70,14 @@ custom_loadlib (const GstTensorFilterProperties * prop, void **private_data)
     return -1;
   }
 
+  /**
+   * @todo Consider to add option to open symbolic link file and version-specified library name.
+   */
+  if (g_file_test (prop->model_file, G_FILE_TEST_IS_SYMLINK)) {
+    /* symbolic link */
+    return -1;
+  }
+
   ptr = g_new0 (internal_data, 1);      /* Fill Zero! */
   *private_data = ptr;