From: wn.jang <wn.jang@samsung.com>
Date: Wed, 29 Jun 2022 05:52:08 +0000 (+0900)
Subject: Check whether symbolic link or real file
X-Git-Tag: accepted/tizen/unified/20220728.044817~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F09%2F277009%2F5;p=platform%2Fcore%2Fuifw%2Fvoice-control.git

Check whether symbolic link or real file

If open a file in write mode and do not check whether the file is a symbolic link or not, the file can be overwritten unintentionally.
So, this commit will check whether the file is symbolic link or real file.

Change-Id: I9db8c0287b479ef7474a2525fc1de3bd39e47e22
---

diff --git a/common/vc_info_parser.c b/common/vc_info_parser.c
index d4b48ac..56ce84b 100644
--- a/common/vc_info_parser.c
+++ b/common/vc_info_parser.c
@@ -364,6 +364,45 @@ int vc_info_parser_unset_result(bool exclusive)
 	return ret;
 }
 
+static int __is_symbolic_link(const char* path, bool* is_symbolic)
+{
+	extern int errno;
+	int ret = VC_ERROR_NONE;
+	*is_symbolic = true;
+	char real_path[PATH_MAX];
+	SLOG(LOG_DEBUG, vc_info_tag(), "[DEBUG] path: %s ", path);
+	if (realpath(path, real_path) != NULL) {
+		if (strncmp(path, real_path, strlen(path) + 1) == 0) {
+			SLOG(LOG_DEBUG, vc_info_tag(), "[DEBUG] %s is real file, not symbolic link", path);
+			*is_symbolic = false;
+		} else {
+			char temp_path[PATH_MAX];
+			if (getcwd(temp_path, PATH_MAX)) {
+				strncat(temp_path, "/", sizeof(temp_path) - strlen(temp_path) - 1);
+				strncat(temp_path, path, sizeof(temp_path) - strlen(temp_path) - 1);
+				if (strncmp(temp_path, real_path, strlen(temp_path) + 1) == 0) {
+					SLOG(LOG_DEBUG, vc_info_tag(), "[DEBUG] %s is real file, not symbolic link", path);
+					*is_symbolic = false;
+				}
+			}
+		}
+
+		if (*is_symbolic == true)
+			SLOG(LOG_ERROR, vc_info_tag(), "[INFO] %s is symbolic link", path);
+		return VC_ERROR_NONE;
+	} else {
+		*is_symbolic = false;
+		if (errno == ENOENT) {
+			SLOG(LOG_DEBUG, vc_info_tag(), "[DEBUG] No such file or directory: %s", path);
+			return VC_ERROR_OPERATION_REJECTED;
+		} else {
+			SLOG(LOG_ERROR, vc_info_tag(), "[ERROR] error is %d", errno);
+			return VC_ERROR_OPERATION_FAILED;
+		}
+	}
+	return ret;
+}
+
 int vc_info_parser_set_nlu_result(const char* nlu_result)
 {
 	if (NULL == nlu_result) {
@@ -380,6 +419,13 @@ int vc_info_parser_set_nlu_result(const char* nlu_result)
 	FILE* fp = NULL;
 	int write_size = -1;
 
+	bool is_symbolic = true;
+	int ret = __is_symbolic_link(VC_RUNTIME_INFO_NLU_RESULT, &is_symbolic);
+	if (is_symbolic || VC_ERROR_OPERATION_FAILED == ret) {
+		SLOG(LOG_ERROR, vc_info_tag(), "[ERROR] Fail to open file, it is symbolic link : %s", VC_RUNTIME_INFO_NLU_RESULT);
+		return -1;
+	}
+
 	fp = fopen(VC_RUNTIME_INFO_NLU_RESULT, "w+");
 	if (NULL == fp) {
 		SLOG(LOG_ERROR, vc_info_tag(), "[ERROR] Fail to open file %s", VC_RUNTIME_INFO_NLU_RESULT);