[security] added check routine for symbolic link file

Change-Id: I5d5fd17eec5a7f1495d6b4359a2fa8ae749b526b
Signed-off-by: Sangdok Mo <sd.mo@samsung.com>

diff --git a/src/api/maps_view_snapshot.cpp b/src/api/maps_view_snapshot.cpp
index 3c6e6d1..da1e9a8 100644 (file)
--- a/src/api/maps_view_snapshot.cpp
+++ b/src/api/maps_view_snapshot.cpp
@@ -15,6 +15,7 @@
  */
 
 #include <stdlib.h>
+#include <sys/stat.h>
 #include <image_util.h>
 #include <unistd.h> /* access */
 
@@ -67,6 +68,16 @@ static bool __encode_bitmap_file(const void *data, int width, int height, const
               unsigned int nimpcolors;
        } bmp_dib_v3_header_t = { 0x28, 0, 0, 1, 24, 0, 0, 0, 0, 0, 0 };
 
+          struct stat file_info;
+          if (0 != lstat(file, &file_info)) {
+              MAPS_LOGE("lstat failed"); //LCOV_EXCL_LINE
+              return false;
+          }
+          if (S_ISLNK(file_info.st_mode)) {
+              MAPS_LOGE("symbolic linked file"); //LCOV_EXCL_LINE
+              return false;
+          }
+
        unsigned int *blocks;
        FILE *fp = fopen(file, "w+");
        int i;