From 0946fcde08e4ec78cdcb215018133f59800217dc Mon Sep 17 00:00:00 2001
From: Minje Ahn
Date: Wed, 7 Mar 2018 08:36:23 +0900
Subject: [PATCH] Modified to check suffix before symbolic link check

Some case, user input the directory path containing '/' suffix

Change-Id: Ibcdae6728189413aeb46a5c895294a379264c7fd
Signed-off-by: Minje Ahn
---
 src/media_content.c | 28 +++++++++++++++++++---------
 src/media_util_private.c | 28 +++++++++++++++++++---------
 2 files changed, 38 insertions(+), 18 deletions(-)

diff --git a/src/media_content.c b/src/media_content.c
index b6f2474..0e708e6 100755
--- a/src/media_content.c
+++ b/src/media_content.c
@@ -1459,6 +1459,7 @@ static int __media_content_check_dir(const char *path)
 {
 DIR *dp = NULL;
 char *real = NULL;
+ char *origin = NULL;
 #ifndef _USE_TVPD_MODE
 char result_path[MAX_PATH_LEN] = {0, };
 #endif
@@ -1477,35 +1478,44 @@ static int __media_content_check_dir(const char *path)
 /* Check symbolic link directory */
 real = realpath(path, NULL);
+ /* remove if suffix is '/' */
+ if (g_str_has_suffix(path, "/"))
+ origin = g_strndup(path, strlen(path) - 1);
+ else
+ origin = g_strdup(path);
 #ifdef _USE_TVPD_MODE
- if (g_strcmp0(real, path) != 0) {
- SAFE_FREE(real);
+ if (g_strcmp0(real, origin) != 0) {
 media_content_error("symbolic link(directory)");
- media_content_sec_debug("path : %s", path);
+ media_content_sec_debug("path[%s] real[%s]", origin, real);
+ SAFE_FREE(real);
+ SAFE_FREE(origin);
 return MEDIA_CONTENT_ERROR_INVALID_PARAMETER;
 }
 #else
 if (g_str_has_prefix(real, MEDIA_SHARE_PATH)) {
 /* If shared dirctory, it should be change path to TZ_USER_SHARE from realpath */
 snprintf(result_path, MAX_PATH_LEN, "%s%s", tzplatform_getenv(TZ_USER_MEDIASHARED), real + strlen(MEDIA_SHARE_PATH));
- if (g_strcmp0(result_path, path) != 0) {
- SAFE_FREE(real);
+ if (g_strcmp0(result_path, origin) != 0) {
 media_content_error("symbolic link(directory)");
- media_content_sec_debug("path : %s", path);
+ media_content_sec_debug("path[%s] real[%s]", origin, real);
+ SAFE_FREE(real);
+ SAFE_FREE(origin);
 return MEDIA_CONTENT_ERROR_INVALID_PARAMETER;
 }
 } else {
- if (g_strcmp0(real, path) != 0) {
- SAFE_FREE(real);
+ if (g_strcmp0(real, origin) != 0) {
 media_content_error("symbolic link(directory)");
- media_content_sec_debug("path : %s", path);
+ media_content_sec_debug("path[%s] real[%s]", origin, real);
+ SAFE_FREE(real);
+ SAFE_FREE(origin);
 return MEDIA_CONTENT_ERROR_INVALID_PARAMETER;
 }
 }
 #endif
 SAFE_FREE(real);
+ SAFE_FREE(origin);
 return MEDIA_CONTENT_ERROR_NONE;
 }
diff --git a/src/media_util_private.c b/src/media_util_private.c
index fb6a2c1..aee3535 100755
--- a/src/media_util_private.c
+++ b/src/media_util_private.c
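Review bot: `real` can be NULL when `realpath()` fails, and the new `media_content_sec_debug("path[%s] real[%s]", origin, real)` lines in `__media_content_check_dir` (src/media_content.c) pass it to `%s`, which is undefined for a printf-style logger; the old message only printed `path`. A failed resolution is also logged as "symbolic link(directory)", which misreports the cause to anyone triaging rejected paths. I would add `if (real == NULL) { media_content_error("realpath failed"); return MEDIA_CONTENT_ERROR_INVALID_PARAMETER; }` right after the `realpath()` call, before `origin` is allocated. The second hunk of src/media_util_private.c has the same pattern with `tmp_path`. The function starts above this hunk, so an earlier check on `path` may exist that is not visible here.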
@@ -82,6 +82,7 @@ int _media_util_check_ignore_file(const char *path, bool *ignore)
 *ignore = FALSE;
 char *tmp_path = NULL;
+ char *org_path = NULL;
 #ifndef _USE_TVPD_MODE
 char replace[MAX_PATH_LEN] = {0, };
@@ -105,37 +106,46 @@ int _media_util_check_ignore_file(const char *path, bool *ignore)
 /* Check symbolic directory */
 tmp_path = realpath(path, NULL);
+ /* remove if suffix is '/' */
+ if (g_str_has_suffix(path, "/"))
+ org_path = g_strndup(path, strlen(path) - 1);
+ else
+ org_path = g_strdup(path);
 #ifdef _USE_TVPD_MODE
- if (g_strcmp0(tmp_path, path) != 0) {
+ if (g_strcmp0(tmp_path, org_path) != 0) {
 *ignore = TRUE;
- SAFE_FREE(tmp_path);
 media_content_error("symbolic link(directory)");
- media_content_sec_debug("path : %s", path);
+ media_content_sec_debug("path[%s] real[%s]", org_path, tmp_path);
+ SAFE_FREE(tmp_path);
+ SAFE_FREE(org_path);
 return MEDIA_CONTENT_ERROR_INVALID_PARAMETER;
 }
 #else
 if (g_str_has_prefix(tmp_path, MEDIA_SHARE_PATH)) {
 /* If shared dirctory, it should be change path to TZ_USER_SHARE from realpath */
 snprintf(replace, MAX_PATH_LEN, "%s%s", tzplatform_getenv(TZ_USER_MEDIASHARED), tmp_path + strlen(MEDIA_SHARE_PATH));
- if (g_strcmp0(replace, path) != 0) {
+ if (g_strcmp0(replace, org_path) != 0) {
 *ignore = TRUE;
- SAFE_FREE(tmp_path);
 media_content_error("symbolic link(directory)");
- media_content_sec_debug("path : %s", path);
+ media_content_sec_debug("path[%s] real[%s]", org_path, tmp_path);
+ SAFE_FREE(tmp_path);
+ SAFE_FREE(org_path);
 return MEDIA_CONTENT_ERROR_INVALID_PARAMETER;
 }
 } else {
- if (g_strcmp0(tmp_path, path) != 0) {
+ if (g_strcmp0(tmp_path, org_path) != 0) {
 *ignore = TRUE;
- SAFE_FREE(tmp_path);
 media_content_error("symbolic link(directory)");
- media_content_sec_debug("path : %s", path);
+ media_content_sec_debug("path[%s] real[%s]", org_path, tmp_path);
+ SAFE_FREE(tmp_path);
+ SAFE_FREE(org_path);
 return MEDIA_CONTENT_ERROR_INVALID_PARAMETER;
 }
 }
 #endif
 SAFE_FREE(tmp_path);
+ SAFE_FREE(org_path);
 return MEDIA_CONTENT_ERROR_NONE;
 }
-- 
2.7.4
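Review bot: The new `g_strndup(path, strlen(path) - 1)` in `_media_util_check_ignore_file` drops exactly one trailing '/', so `dir//` and a bare `/` (which becomes an empty string) still differ from the `realpath()` result and are rejected as symbolic links. The check fails closed, so this is a false rejection rather than a bypass, but it leaves the case named in the commit message only partly handled. Trimming in a loop that stops at length 1 covers both: `size_t len = strlen(path); while (len > 1 && path[len - 1] == '/') len--; org_path = g_strndup(path, len);`. `__media_content_check_dir` in src/media_content.c carries an identical copy of this block, so a shared helper would keep the two symlink checks from drifting apart. Since the strings come from `g_strdup`/`g_strndup`, `g_free` is the documented release call, assuming `SAFE_FREE` wraps `free()`.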