From: Sangdok Mo <sd.mo@samsung.com>
Date: Wed, 26 Jul 2017 03:07:38 +0000 (+0900)
Subject: [security] added check routine for symbolic link file
X-Git-Tag: submit/tizen/20170726.061422~2^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F69%2F140669%2F2;p=platform%2Fcore%2Fapi%2Fmaps-service.git

[security] added check routine for symbolic link file

Change-Id: I5d5fd17eec5a7f1495d6b4359a2fa8ae749b526b
Signed-off-by: Sangdok Mo <sd.mo@samsung.com>
---

diff --git a/src/api/maps_view_snapshot.cpp b/src/api/maps_view_snapshot.cpp
index 3c6e6d1..da1e9a8 100644
--- a/src/api/maps_view_snapshot.cpp
+++ b/src/api/maps_view_snapshot.cpp
@@ -15,6 +15,7 @@
  */
 
 #include <stdlib.h>
+#include <sys/stat.h>
 #include <image_util.h>
 #include <unistd.h> /* access */
 
@@ -67,6 +68,16 @@ static bool __encode_bitmap_file(const void *data, int width, int height, const
               unsigned int nimpcolors;
        } bmp_dib_v3_header_t = { 0x28, 0, 0, 1, 24, 0, 0, 0, 0, 0, 0 };
 
+	   struct stat file_info;
+	   if (0 != lstat(file, &file_info)) {
+              MAPS_LOGE("lstat failed"); //LCOV_EXCL_LINE
+              return false;
+	   }
+	   if (S_ISLNK(file_info.st_mode)) {
+              MAPS_LOGE("symbolic linked file"); //LCOV_EXCL_LINE
+              return false;
+	   }
+
        unsigned int *blocks;
        FILE *fp = fopen(file, "w+");
        int i;