From: adhavan.m Date: Wed, 6 Nov 2019 14:45:34 +0000 (+0530) Subject: Verify pull path in do_stat itself to fix security issue in VD. X-Git-Tag: submit/tizen/20191107.091911^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9f536fd01ced73f76449260ce94df3754f6af58d;p=sdk%2Ftarget%2Fsdbd.git Verify pull path in do_stat itself to fix security issue in VD. Signed-off-by: adhavan.m --- diff --git a/src/file_sync_service.c b/src/file_sync_service.c index 6ebbd0b..8ec4268 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -164,12 +164,21 @@ static int mkdirs(int noti_fd, char *name) return 0; } -static int do_stat(int s, const char *path) +static int do_stat(int s, const char *path, const char* cmd) { syncmsg msg; struct stat st; msg.stat.id = ID_STAT; + if (cmd && !strncmp(cmd, "pull", 4)) { + if (!request_validity_to_plugin(PLUGIN_SYNC_CMD_VERIFY_PULL, path)) { + D("cannot pull files from this path.\n"); + msg.stat.mode = 1; + msg.stat.size = 0; + msg.stat.time = 0; + return writex(s, &msg.stat, sizeof(msg.stat)); + } + } /* follow link */ if(stat(path, &st)) { @@ -583,6 +592,8 @@ void file_sync_service(int fd, void *cookie) struct timeval timeout; int rv; int s[2]; + char* cmd = (char*)cookie; + D("file_sync_service cmd: %s\n", cmd); if(sdb_socketpair(s)) { E("cannot create service socket pair\n"); @@ -650,7 +661,7 @@ void file_sync_service(int fd, void *cookie) switch(msg.req.id) { case ID_STAT: - if(do_stat(fd, name)) goto fail; + if(do_stat(fd, name, cmd)) goto fail; break; case ID_LIST: if(do_list(fd, name)) goto fail; diff --git a/src/services.c b/src/services.c index d3d83ff..1a7bebd 100644 --- a/src/services.c +++ b/src/services.c 
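Review bot: The new path check in `do_stat` runs only when `cmd` begins with `pull`, and `cmd` is the text after `sync:` in the service name sent by the peer (the `service_to_fd` hunk in src/services.c passes `name + 5` through unvalidated), so the restriction depends on a label chosen by the party being restricted. I would fail closed, for example `if (!cmd || !*cmd || !strncmp(cmd, "pull", 4)) {`, or map the suffix to a known set of operations in `service_to_fd` and reject anything else. If older clients open a bare `sync:` for uploads, that needs an explicit compatibility decision rather than an unchecked path. The refusal reply sets `msg.stat.mode = 1` with no explanation; a comment such as `/* mode = 1 tells the client the path was refused by the plugin */` would help, if that is the intent. `do_stat` continues past the end of the hunk.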
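Review bot: `D("file_sync_service cmd: %s\n", cmd)` passes `cmd` to `%s` without a NULL check, yet `cookie` was NULL for this service until this commit (the removed `create_sync_subprocess(file_sync_service, NULL)` call in src/services.c), so any caller that still passes NULL reaches undefined behaviour here. I would write `const char *cmd = cookie;` and `D("file_sync_service cmd: %s\n", cmd ? cmd : "(none)");`. The string is peer-supplied, so this line also writes untrusted text to the debug log; whether it needs length-limiting or escaping depends on where `D` output goes, which is not visible here. The function body continues outside the hunk.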
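Review bot: Only the `ID_STAT` case receives `cmd`; `do_list(fd, name)` in the next case and the handlers beyond the hunk keep their old signatures. A refused stat does not stop a later request in the same loop, so if the plugin verdict is meant to bound what a pull session can read or enumerate, the listing and transfer handlers must apply `PLUGIN_SYNC_CMD_VERIFY_PULL` (or an equivalent check) themselves. The rest of the switch is outside the hunk, so they may already do this. If they do, a comment above the switch such as `/* every handler that opens or lists name must verify it; do_stat's check alone is not the boundary */` would record it.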
@@ -893,11 +893,11 @@ static int create_sync_subprocess(void (*func)(int, void *), void* cookie) { return s[0]; } -static int create_syncproc_thread() +static int create_syncproc_thread(const char *cmd) { int ret_fd; - ret_fd = create_sync_subprocess(file_sync_service, NULL); + ret_fd = create_sync_subprocess(file_sync_service, cmd); // FIXME: file missing bug when root on mode /* if (should_drop_privileges()) { @@ -1540,7 +1540,7 @@ int service_to_fd(const char *name) } } else if(!strncmp(name, "sync:", 5)) { //ret = create_service_thread(file_sync_service, NULL); - ret = create_syncproc_thread(); + ret = create_syncproc_thread(name + 5); }/* else if(!strncmp(name, "remount:", 8)) { ret = create_service_thread(remount_service, NULL); } else if(!strncmp(name, "reboot:", 7)) {
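Review bot: `create_sync_subprocess(file_sync_service, cmd)` hands a `const char *` to the `void* cookie` parameter, which drops the const qualifier and passes a pointer into the caller's `name` buffer without taking a copy. If `create_sync_subprocess` forks before calling `func`, the child has its own copy and this is safe; if `func` can run after `service_to_fd` returns, the `pull` comparison in `do_stat` would read memory that may no longer be valid. Its body is outside the hunk, so I cannot tell which applies. A comment at the call such as `/* cmd points into the caller's service name; valid only while that buffer lives */` would record the assumption, or pass a `strdup` copy and free it in the service.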