Define absolute file path at popen calling

[Model] All
[BinType] AP
[Customer] OPEN

[Issue#] N/A
[Request] N/A
[Occurrence Version] N/A

[Problem] Security issue
[Cause & Measure] Define absolute file path
[Checking Method] N/A

[Team] Open Source Management and Setting Part
[Developer] dh0128.kwak
[Solution company] Samsung
[Change Type] N/A

Change-Id: I610a4cd9840595b85ab1913447c5d07c422148ce
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>

diff --git a/packaging/icu.spec b/packaging/icu.spec
index 7d17176..610ea29 100644 (file)
--- a/packaging/icu.spec
+++ b/packaging/icu.spec
@@ -47,6 +47,9 @@ Includes and definitions for developing with icu.
 cp %{SOURCE1001} .
 
 %build
+export CFLAGS="$CFLAGS -D_TIZEN_FEATURE_"
+export CXXFLAGS="$CXXFLAGS -D_TIZEN_FEATURE_"
+
 cd source
 %configure --enable-static=no \
             --enable-renaming=no \

diff --git a/source/tools/pkgdata/pkgdata.cpp b/source/tools/pkgdata/pkgdata.cpp
index 8b99f75..087de15 100644 (file)
--- a/source/tools/pkgdata/pkgdata.cpp
+++ b/source/tools/pkgdata/pkgdata.cpp
@@ -568,7 +568,7 @@ static int32_t pkg_executeOptions(UPKGOptions *o) {
                 uprv_strcat(targetDir, PKGDATA_FILE_SEP_STRING);
                 uprv_strcat(targetDir, o->shortName);
             }
-            
+
             if(o->verbose) {
               fprintf(stdout, "# Install: Files mode, copying files to %s..\n", targetDir);
             }
@@ -705,7 +705,7 @@ static int32_t pkg_executeOptions(UPKGOptions *o) {
                 if(o->verbose) {
                   fprintf(stdout, "# Generating assembly code %s of type %s ..\n", gencFilePath, genccodeAssembly);
                 }
-                
+
                 /* Offset genccodeAssembly by 3 because "-a " */
                 if (genccodeAssembly &&
                     (uprv_strlen(genccodeAssembly)>3) &&
@@ -1018,7 +1018,7 @@ static int32_t pkg_createSymLinks(const char *targetDir, UBool specialHandling)
         uprv_strcmp(libFileNames[LIB_FILE_VERSION], libFileNames[LIB_FILE_VERSION_MAJOR]) == 0) {
         return result;
     }
-    
+
     sprintf(cmd, "cd %s && %s %s && %s %s %s",
             targetDir,
             RM_CMD,
@@ -1282,18 +1282,18 @@ static int32_t pkg_archiveLibrary(const char *targetDir, const char *version, UB
                 targetDir,
                 libFileNames[LIB_FILE_VERSION_TMP]);
 
-        result = runCommand(cmd); 
-        if (result != 0) { 
+        result = runCommand(cmd);
+        if (result != 0) {
             fprintf(stderr, "Error creating archive library. Failed command: %s\n", cmd);
-            return result; 
-        } 
-        
-        sprintf(cmd, "%s %s%s", 
-            pkgDataFlags[RANLIB], 
-            targetDir, 
+            return result;
+        }
+
+        sprintf(cmd, "%s %s%s",
+            pkgDataFlags[RANLIB],
+            targetDir,
             libFileNames[LIB_FILE_VERSION]);
-        
-        result = runCommand(cmd); 
+
+        result = runCommand(cmd);
         if (result != 0) {
             fprintf(stderr, "Error creating archive library. Failed command: %s\n", cmd);
             return result;
@@ -1358,11 +1358,11 @@ static int32_t pkg_generateLibraryFile(const char *targetDir, const char mode, c
 
         result = runCommand(cmd);
         if (result == 0) {
-            sprintf(cmd, "%s %s%s", 
-                    pkgDataFlags[RANLIB], 
-                    targetDir, 
-                    libFileNames[LIB_FILE_VERSION]); 
-        
+            sprintf(cmd, "%s %s%s",
+                    pkgDataFlags[RANLIB],
+                    targetDir,
+                    libFileNames[LIB_FILE_VERSION]);
+
             result = runCommand(cmd);
         }
     } else /* if (IN_DLL_MODE(mode)) */ {
@@ -1575,10 +1575,10 @@ static int32_t pkg_createWithoutAssemblyCode(UPKGOptions *o, const char *targetD
 #ifdef USE_SINGLE_CCODE_FILE
     char icudtAll[SMALL_BUFFER_MAX_SIZE] = "";
     FileStream *icudtAllFile = NULL;
-    
+
     sprintf(icudtAll, "%s%s%sall.c",
             o->tmpDir,
-            PKGDATA_FILE_SEP_STRING, 
+            PKGDATA_FILE_SEP_STRING,
             libFileNames[LIB_FILE]);
     /* Remove previous icudtall.c file. */
     if (T_FileStream_file_exists(icudtAll) && (result = remove(icudtAll)) != 0) {
@@ -1619,18 +1619,18 @@ static int32_t pkg_createWithoutAssemblyCode(UPKGOptions *o, const char *targetD
 #ifdef USE_SINGLE_CCODE_FILE
             uprv_strcpy(tempObjectFile, gencmnFile);
             tempObjectFile[uprv_strlen(tempObjectFile) - 1] = 'o';
-            
+
             sprintf(cmd, "%s %s -o %s %s",
                         pkgDataFlags[COMPILER],
                         pkgDataFlags[LIBFLAGS],
                         tempObjectFile,
                         gencmnFile);
-            
+
             result = runCommand(cmd);
             if (result != 0) {
                 break;
             }
-            
+
             sprintf(buffer, "%s",tempObjectFile);
 #endif
         } else {
@@ -1688,7 +1688,7 @@ static int32_t pkg_createWithoutAssemblyCode(UPKGOptions *o, const char *targetD
 #ifndef USE_SINGLE_CCODE_FILE
         uprv_strcpy(tempObjectFile, gencmnFile);
         tempObjectFile[uprv_strlen(tempObjectFile) - 1] = 'o';
-        
+
         sprintf(cmd, "%s %s -o %s %s",
                     pkgDataFlags[COMPILER],
                     pkgDataFlags[LIBFLAGS],
@@ -1704,7 +1704,7 @@ static int32_t pkg_createWithoutAssemblyCode(UPKGOptions *o, const char *targetD
         uprv_strcat(buffer, tempObjectFile);
 
 #endif
-        
+
         if (i > 0) {
             list = list->next;
             listNames = listNames->next;
@@ -1721,7 +1721,7 @@ static int32_t pkg_createWithoutAssemblyCode(UPKGOptions *o, const char *targetD
         pkgDataFlags[LIBFLAGS],
         tempObjectFile,
         icudtAll);
-    
+
     result = runCommand(cmd);
     if (result == 0) {
         uprv_strcat(buffer, " ");
@@ -1798,7 +1798,7 @@ static int32_t pkg_createWindowsDLL(const char mode, const char *gencFilePath, U
 #ifdef CYGWINMSVC
         uprv_strcat(libFilePath, o->libName);
         uprv_strcat(libFilePath, ".lib");
-        
+
         uprv_strcat(dllFilePath, o->libName);
         uprv_strcat(dllFilePath, o->version);
 #else
@@ -1811,7 +1811,7 @@ static int32_t pkg_createWindowsDLL(const char mode, const char *gencFilePath, U
         uprv_strcat(dllFilePath, o->entryName);
 #endif
         uprv_strcat(dllFilePath, DLL_EXT);
-        
+
         uprv_strcpy(tmpResFilePath, o->tmpDir);
         uprv_strcat(tmpResFilePath, PKGDATA_FILE_SEP_STRING);
         uprv_strcat(tmpResFilePath, ICUDATA_RES_FILE);
@@ -1941,9 +1941,9 @@ static UPKGOptions *pkg_checkFlag(UPKGOptions *o) {
             return NULL;
         } else {
             sprintf(tmpbuffer, "%s%s ", o->entryName, UDATA_CMN_INTERMEDIATE_SUFFIX);
-    
+
             T_FileStream_writeLine(f, tmpbuffer);
-    
+
             T_FileStream_close(f);
         }
     }
@@ -1983,7 +1983,7 @@ static UPKGOptions *pkg_checkFlag(UPKGOptions *o) {
 #endif
     // Don't really need a return value, just need to stop compiler warnings about
     // the unused parameter 'o' on platforms where it is not otherwise used.
-    return o;   
+    return o;
 }
 
 static void loadLists(UPKGOptions *o, UErrorCode *status)
@@ -2082,7 +2082,7 @@ static void loadLists(UPKGOptions *o, UErrorCode *status)
                     fprintf(stderr, "pkgdata: Error: absolute path encountered. Old style paths are not supported. Use relative paths such as 'fur.res' or 'translit%cfur.res'.\n\tBad path: '%s'\n", U_FILE_SEP_CHAR, s);
                     exit(U_ILLEGAL_ARGUMENT_ERROR);
                 }
-                tmpLength = uprv_strlen(o->srcDir) + 
+                tmpLength = uprv_strlen(o->srcDir) +
                             uprv_strlen(s) + 5; /* 5 is to add a little extra space for, among other things, PKGDATA_FILE_SEP_STRING */
                 if((tmp = (char *)uprv_malloc(tmpLength)) == NULL) {
                     fprintf(stderr, "pkgdata: Error: Unable to allocate tmp buffer size: %d\n", tmpLength);
@@ -2108,6 +2108,9 @@ static void loadLists(UPKGOptions *o, UErrorCode *status)
     icu::CharString cmdBuf;
     UErrorCode status = U_ZERO_ERROR;
     const char cmd[] = "icu-config --incpkgdatafile";
+#if _TIZEN_FEATURE_
+    const char cmdPath[] = "/usr/bin/icu-config --incpkgdatafile";
+#endif
     char dirBuf[1024] = "";
     /* #1 try the same path where pkgdata was called from. */
     findDirname(progname, dirBuf, UPRV_LENGTHOF(dirBuf), &status);
@@ -2116,8 +2119,14 @@ static void loadLists(UPKGOptions *o, UErrorCode *status)
       if (cmdBuf[0] != 0) {
         cmdBuf.append( U_FILE_SEP_STRING, status );
       }
+#if _TIZEN_FEATURE_
+      else {
+        cmdBuf.append("/usr/bin/", status );
+      }
+#endif
+
       cmdBuf.append( cmd, status );
-      
+
       if(verbose) {
         fprintf(stdout, "# Calling icu-config: %s\n", cmdBuf.data());
       }
@@ -2126,10 +2135,18 @@ static void loadLists(UPKGOptions *o, UErrorCode *status)
 
     if(p.isNull() || (n = fread(buf, 1, UPRV_LENGTHOF(buf)-1, p.getAlias())) <= 0) {
         if(verbose) {
+#if _TIZEN_FEATURE_
+            fprintf(stdout, "# Calling icu-config: %s\n", cmdPath);
+#else
             fprintf(stdout, "# Calling icu-config: %s\n", cmd);
+#endif
         }
 
+#if _TIZEN_FEATURE_
+        p.adoptInstead(popen(cmdPath, "r"));
+#else
         p.adoptInstead(popen(cmd, "r"));
+#endif
         if(p.isNull() || (n = fread(buf, 1, UPRV_LENGTHOF(buf)-1, p.getAlias())) <= 0) {
             fprintf(stderr, "%s: icu-config: No icu-config found. (fix PATH or use -O option)\n", progname);
             return -1;