dump: add function to check whether file is link or not 12/139912/4
authorSangjin Lee <lsj119@samsung.com>
Fri, 21 Jul 2017 04:44:23 +0000 (13:44 +0900)
committerBoram Park <boram1288.park@samsung.com>
Fri, 21 Jul 2017 07:20:44 +0000 (16:20 +0900)
According to the security code guide, before a file is opened for writing
it should be checked whether the file is a symbolic link.

Change-Id: I11e5be6898640995669c470cec703aef93869bfd

src/tdm_helper.c

index cf05aa0..947d41e 100644 (file)
@@ -68,12 +68,40 @@ tdm_helper_get_time(void)
        return 0;
 }
 
+static int
+_tdm_helper_check_file_is_valid(const char* path, int del_link)
+{
+       char *real_path;
+
+       if (!path)
+               return 0;
+
+       real_path = realpath(path, NULL);
+       if (real_path && strncmp(path, real_path, strlen(path))) {
+               if (del_link)
+                       unlink(path);
+               free(real_path);
+
+               return 0;
+       }
+
+       if (real_path)
+               free(real_path);
+
+       return 1;
+}
+
 static void
 _tdm_helper_dump_raw(const char *file, void *data1, int size1, void *data2,
                                         int size2, void *data3, int size3)
 {
        unsigned int *blocks;
-       FILE *fp = fopen(file, "w+");
+       FILE *fp;
+
+       if (!_tdm_helper_check_file_is_valid(file, 1))
+               TDM_WRN("'%s' may be symbolic link\n", file);
+
+       fp = fopen(file, "w+");
        TDM_RETURN_IF_FAIL(fp != NULL);
 
        blocks = (unsigned int *)data1;
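Review bot: The comparison `strncmp(path, real_path, strlen(path))` in `_tdm_helper_check_file_is_valid` does not reliably tell a symbolic link from a regular file. realpath() returns an absolute, canonical path, so a relative `path`, or one that passes through a symlinked parent directory, always mismatches and an ordinary file is unlinked; a link whose target merely begins with `path` compares equal and passes; and a dangling link makes realpath() return NULL, which is reported as valid even though a creating `fopen()` would follow it. Checking the final component with `lstat()` and `S_ISLNK()` avoids all three, and the `unlink()` result should be checked; a sketch follows (it inspects only the last path component, not parent directories).

```c
static int
_tdm_helper_check_file_is_valid(const char* path, int del_link)
{
	struct stat st;

	if (!path)
		return 0;

	/* lstat() looks at the path entry itself and never follows a link,
	 * so dangling links and relative paths are classified correctly. */
	if (lstat(path, &st) < 0)
		return errno == ENOENT;	/* nothing at this path yet */

	if (!S_ISLNK(st.st_mode))
		return 1;

	if (del_link && unlink(path) < 0)
		TDM_WRN("failed to unlink '%s'\n", path);

	return 0;
}
```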
@@ -96,7 +124,12 @@ static void
 _tdm_helper_dump_png(const char *file, const void *data, int width,
                                         int height)
 {
-       FILE *fp = fopen(file, "wb");
+       FILE *fp;
+
+       if (!_tdm_helper_check_file_is_valid(file, 1))
+               TDM_WRN("'%s' may be symbolic link\n", file);
+
+       fp = fopen(file, "wb");
        TDM_RETURN_IF_FAIL(fp != NULL);
 
        png_structp pPngStruct =
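Review bot: The check at the top of `_tdm_helper_dump_png` and the `fopen(file, "wb")` that follows are two separate path lookups, and the function only logs a warning and then opens the file regardless, so a link that appears between the two calls (or one the helper did not detect) is still followed; the same applies to the `fopen(file, "w+")` call site in `_tdm_helper_dump_raw`. Letting the open itself refuse links closes that window: `fd = open(file, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, mode);` followed by `fp = fdopen(fd, "wb");` (with `O_RDWR` for the `w+` site), closing `fd` if `fdopen()` fails. If warn-and-continue is intended, a comment such as `/* a link at this path has been removed; a new regular file is created below */` would make that explicit. The body of `_tdm_helper_dump_png` continues outside the hunk.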