From: Rafal Walczyna
Date: Wed, 13 Jun 2018 10:28:41 +0000 (+0200)
Subject: [FileSystem] Fix open file mode security issue
X-Git-Tag: submit/tizen/20180628.091114~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b3d6f98e26528afc2d78267f283347b54b76917b;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git
[FileSystem] Fix open file mode security issue
[Bug] Privileges could be ommited by overriding JS function what leads to unauthorized access to files.
[Verification] TCT 100% pass SATIZENVUL-1461
Change-Id: I801096bacd4447f915588f07a4a96bc8c147fd1e
Signed-off-by: Rafal Walczyna
---
diff --git a/src/filesystem/filesystem_instance.cc b/src/filesystem/filesystem_instance.cc
index 733d75d3..4aa6f579 100644
--- a/src/filesystem/filesystem_instance.cc
+++ b/src/filesystem/filesystem_instance.cc
@@ -59,14 +59,14 @@ bool WriteAccessRequested(const picojson::value& args) {
 ScopeLogger();
 const std::string& open_mode = args.get("openMode").get();
- return std::string::npos != open_mode.find("w") || "a" == open_mode;
+ return "a" == open_mode || "rw" == open_mode || "rwo" == open_mode || "w" == open_mode;
 }
 bool ReadAccessRequested(const picojson::value& args) {
 ScopeLogger();
 const std::string& open_mode = args.get("openMode").get();
- return std::string::npos != open_mode.find("r");
+ return "r" == open_mode || "rw" == open_mode || "rwo" == open_mode;
 }
 bool ShouldMakeParents(const picojson::value& args) {
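Review bot: The accepted modes are now spelled out as string literals in two separate helpers, WriteAccessRequested and ReadAccessRequested, and the fail-closed check added in FileSystemManagerOpenFile is only as strong as the union of these two lists matching what the code that actually opens the file accepts. That open path is outside this hunk, so agreement between the sets cannot be confirmed from here. A single shared table of modes, each entry carrying its read and write flags, consulted by both helpers and by the open path would keep the privilege decision and the real open from drifting apart. At minimum both helpers deserve a comment such as `// Keep in sync with the modes handled when the file is opened; a mode listed in neither helper is rejected by the caller.`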
@@ -1279,12 +1279,25 @@ void FilesystemInstance::FileSystemManagerOpenFile(const picojson::value& args,
 return;
 }
+ bool access_checked = false;
 if (WriteAccessRequested(args)) {
 CHECK_PRIVILEGE_ACCESS(kPrivilegeFilesystemWrite, &out);
+ access_checked = true;
 }
 if (ReadAccessRequested(args)) {
 CHECK_PRIVILEGE_ACCESS(kPrivilegeFilesystemRead, &out);
+ access_checked = true;
+ }
+
+ // File open mode received from JS layer can be different than expected by
+ // WriteAccessRequested and ReadAccessRequested functions. In case like that
+ // privilege would not be checked and user could gain unauthorized access to file.
+ // To prevent this situation we only accept specific open modes.
+ if (false == access_checked) {
+ const std::string& open_mode = args.get("openMode").get();
+ LogAndReportError(TypeMismatchException("Invalid open mode: " + open_mode), out);
+ return;
 }
 const std::string& path = args.get("path").get();
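Review bot: The rejected `open_mode` is concatenated unmodified into the TypeMismatchException message handed to LogAndReportError, although the added comment itself treats this value as something the JS layer can set arbitrarily. Its length and content should be bounded before it reaches the error returned to the caller (and, presumably, the log), or it can be left out: `LogAndReportError(TypeMismatchException("Invalid open mode"), out);`. Separately, validity is inferred from whether one of the privilege macros happened to run; testing the mode against the allow-list before the two CHECK_PRIVILEGE_ACCESS calls, and writing the condition as `if (!access_checked)`, would state the intent directly. The function starts and ends outside this hunk, so whether `openMode` is verified to be a string before these `get()` calls is not visible here.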