From 4f32864a3d3b55c4389054614641307f0fa38115 Mon Sep 17 00:00:00 2001 From: Sangjin Lee Date: Wed, 19 Jul 2017 19:50:46 +0900 Subject: [PATCH] e_util: add function to check whether file is link or not According to security code guide, before open the file for write it should be check the file is symbolic link. Change-Id: I6273b886fe165e1420e8c3619f2b9cda1c0fe150 --- src/bin/e_comp_wl_input.c | 5 +++++ src/bin/e_main.c | 11 +++++++++-- src/bin/e_module.c | 16 ++++++++++++++-- src/bin/e_utils.c | 24 ++++++++++++++++++++++++ src/bin/e_utils.h | 2 ++ 5 files changed, 54 insertions(+), 4 deletions(-) diff --git a/src/bin/e_comp_wl_input.c b/src/bin/e_comp_wl_input.c index 8a250da..1f81d90 100644 --- a/src/bin/e_comp_wl_input.c +++ b/src/bin/e_comp_wl_input.c @@ -343,6 +343,11 @@ _e_comp_wl_input_keymap_cache_create(const char *keymap_path, char *keymap_data) if (keymap_path) { + if (!e_util_file_realpath_check(keymap_path, EINA_TRUE)) + { + WRN("%s is maybe link, so delete it\n", keymap_path); + } + file = fopen(keymap_path, "w"); EINA_SAFETY_ON_NULL_RETURN(file); diff --git a/src/bin/e_main.c b/src/bin/e_main.c index ea12c33..11a7025 100644 --- a/src/bin/e_main.c +++ b/src/bin/e_main.c @@ -1267,8 +1267,14 @@ static void _e_main_create_wm_ready(void) { FILE *_wmready_checker = NULL; + const char *path_wm_ready = "/run/.wm_ready"; - _wmready_checker = fopen("/run/.wm_ready", "wb"); + if (!e_util_file_realpath_check(path_wm_ready, EINA_TRUE)) + { + WRN("%s is maybe link, so delete it\n", path_wm_ready); + } + + _wmready_checker = fopen(path_wm_ready, "wb"); if (_wmready_checker) { TS("[WM] WINDOW MANAGER is READY!!!"); @@ -1277,7 +1283,8 @@ _e_main_create_wm_ready(void) /*TODO: Next lines should be removed. */ FILE *_tmp_wm_ready_checker; - _tmp_wm_ready_checker = fopen("/tmp/.wm_ready", "wb"); + + _tmp_wm_ready_checker = fopen(path_wm_ready, "wb"); if (_tmp_wm_ready_checker) { diff --git a/src/bin/e_module.c b/src/bin/e_module.c index 594b49b..cf6d8ea 100644 --- a/src/bin/e_module.c +++ b/src/bin/e_module.c @@ -892,8 +892,15 @@ static void _e_module_create_wm_start(void) { FILE *_wm_start_checker = NULL; + const char *path_wm_start_run = "/run/wm_start"; + const char *path_wm_start_tmp = "/tmp/wm_start"; - _wm_start_checker = fopen("/run/wm_start", "wb"); + if (!e_util_file_realpath_check(path_wm_start_run, EINA_TRUE)) + { + WRN("%s is maybe link, so delete it\n", path_wm_start_run); + } + + _wm_start_checker = fopen(path_wm_start_run, "wb"); if (_wm_start_checker) { PRCTL("[Winsys] /run/wm_start is created"); @@ -904,7 +911,12 @@ _e_module_create_wm_start(void) PRCTL("[Winsys] Failed to create /run/wm_start"); } - _wm_start_checker = fopen("/tmp/wm_start", "wb"); + if (!e_util_file_realpath_check(path_wm_start_tmp, EINA_TRUE)) + { + WRN("%s is maybe link, so delete it\n", path_wm_start_tmp); + } + + _wm_start_checker = fopen(path_wm_start_tmp, "wb"); if (_wm_start_checker) { PRCTL("[Winsys] /tmp/wm_start is created"); diff --git a/src/bin/e_utils.c b/src/bin/e_utils.c index 557dfbb..b41dd3c 100644 --- a/src/bin/e_utils.c +++ b/src/bin/e_utils.c @@ -1159,3 +1159,27 @@ e_util_memclear(void *s, size_t n) { memset_ptr(s, 0, n); } + +E_API Eina_Bool +e_util_file_realpath_check(const char* path, Eina_Bool del_link) +{ + char *real_path; + + if (!path) + return EINA_FALSE; + + real_path = realpath(path, NULL); + if (real_path && strncmp(path, real_path, strlen(path))) + { + if (del_link) + unlink(path); + free(real_path); + + return EINA_FALSE; + } + + if (real_path) + free(real_path); + + return EINA_TRUE; +} \ No newline at end of file diff --git a/src/bin/e_utils.h b/src/bin/e_utils.h index 00ae522..373ad6a 100644 --- a/src/bin/e_utils.h +++ b/src/bin/e_utils.h @@ -36,6 +36,8 @@ E_API const char *e_util_filename_escape(const char *filename); //E_API char *e_util_shell_env_path_eval(const char *path); E_API char *e_util_size_string_get(off_t size); E_API char *e_util_file_time_get(time_t ftime); +E_API Eina_Bool e_util_file_realpath_check(const char* path, Eina_Bool del_link); + E_API Evas_Object *e_util_icon_add(const char *path, Evas *evas); //E_API Evas_Object *e_util_desktop_icon_add(Efreet_Desktop *desktop, unsigned int size, Evas *evas); E_API Evas_Object *e_util_icon_theme_icon_add(const char *icon_name, unsigned int size, Evas *evas); -- 2.7.4