From c489001286600f787f0b69d7d53e9836a250e435 Mon Sep 17 00:00:00 2001 From: Jaeyun Date: Tue, 30 Apr 2019 17:19:41 +0900 Subject: [PATCH] [Subplugin] check symlink before getting handle Add code to check symlink before open file handle. (fix one of security issues) Signed-off-by: Jaeyun Jung --- gst/nnstreamer/nnstreamer_subplugin.c | 5 ++++- gst/nnstreamer/tensor_filter/tensor_filter_custom.c | 8 ++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/gst/nnstreamer/nnstreamer_subplugin.c b/gst/nnstreamer/nnstreamer_subplugin.c index 04c09ee..2a4c3d9 100644 --- a/gst/nnstreamer/nnstreamer_subplugin.c +++ b/gst/nnstreamer/nnstreamer_subplugin.c @@ -74,7 +74,10 @@ get_subplugin (subpluginType type, const char *name) /* Search and register if found with the conf */ const gchar *fullpath = nnsconf_get_fullpath (name, type); - if (fullpath == NULL) + /** + * @todo Consider to add option to open symbolic link file and version-specified library name. + */ + if (fullpath == NULL || g_file_test (fullpath, G_FILE_TEST_IS_SYMLINK)) goto error; /* No Such Thing !!! */ G_UNLOCK (splock); diff --git a/gst/nnstreamer/tensor_filter/tensor_filter_custom.c b/gst/nnstreamer/tensor_filter/tensor_filter_custom.c index 7f94bee..9a8f47d 100644 --- a/gst/nnstreamer/tensor_filter/tensor_filter_custom.c +++ b/gst/nnstreamer/tensor_filter/tensor_filter_custom.c @@ -70,6 +70,14 @@ custom_loadlib (const GstTensorFilterProperties * prop, void **private_data) return -1; } + /** + * @todo Consider to add option to open symbolic link file and version-specified library name. + */ + if (g_file_test (prop->model_file, G_FILE_TEST_IS_SYMLINK)) { + /* symbolic link */ + return -1; + } + ptr = g_new0 (internal_data, 1); /* Fill Zero! */ *private_data = ptr; -- 2.7.4