From: MyoungJune Park <mj2004.park@samsung.com>
Date: Tue, 27 Sep 2016 02:29:00 +0000 (+0900)
Subject: Use absolute path of where .so is
X-Git-Tag: submit/tizen/20161206.062944~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b1933100267a2f1a823c6e5b1ea817952e049688;p=platform%2Fcore%2Fappfw%2Flibslp-db-util.git

Use absolute path of where .so is

Loading a library dynamically without specifying an absolute path could
allow an attacker to link a malicious library by changing
`$LD_LIBRARY_PATH` or other aspects of the program's execution
environment

Change-Id: I664e7530b9ffb8415a2d5b38ed8c2988f901f533
Signed-off-by: MyoungJune Park <mj2004.park@samsung.com>
---

diff --git a/collation.c b/collation.c
index 5b38fb5..93e3320 100644
--- a/collation.c
+++ b/collation.c
@@ -54,6 +54,7 @@
 			}while(0)
 
 #define DB_UTIL_ERR_COL_FUNC_RET DB_UTIL_ERROR
+#define ICUI18N_LIBPATH "/usr/lib/libicui18n.so"
 
 enum {
 	DB_UTIL_ERR_DLOPEN = -10,
@@ -118,7 +119,7 @@ static int __db_util_dl_load_icu()
 	};
 
 	if(g_dl_icu_handle == NULL) {
-		g_dl_icu_handle = dlopen("libicui18n.so", RTLD_LAZY | RTLD_GLOBAL);
+		g_dl_icu_handle = dlopen(ICUI18N_LIBPATH, RTLD_LAZY | RTLD_GLOBAL);
 		if(g_dl_icu_handle == NULL) {
 			DB_UTIL_TRACE_WARNING("dlopen icu so fail");
 			return DB_UTIL_ERR_DLOPEN;