From e74391e7b119bce4572bd1fa2ffa1313a9877140 Mon Sep 17 00:00:00 2001 From: "wn.jang" Date: Wed, 29 Jun 2022 14:52:08 +0900 Subject: [PATCH] Check whether symbolic link or real file If open a file in write mode and do not check whether the file is a symbolic link or not, the file can be overwritten unintentionally. So, this commit will check whether the file is symbolic link or real file. Change-Id: I9db8c0287b479ef7474a2525fc1de3bd39e47e22 --- common/vc_info_parser.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/common/vc_info_parser.c b/common/vc_info_parser.c index d4b48ac..56ce84b 100644 --- a/common/vc_info_parser.c +++ b/common/vc_info_parser.c @@ -364,6 +364,45 @@ int vc_info_parser_unset_result(bool exclusive) return ret; } +static int __is_symbolic_link(const char* path, bool* is_symbolic) +{ + extern int errno; + int ret = VC_ERROR_NONE; + *is_symbolic = true; + char real_path[PATH_MAX]; + SLOG(LOG_DEBUG, vc_info_tag(), "[DEBUG] path: %s ", path); + if (realpath(path, real_path) != NULL) { + if (strncmp(path, real_path, strlen(path) + 1) == 0) { + SLOG(LOG_DEBUG, vc_info_tag(), "[DEBUG] %s is real file, not symbolic link", path); + *is_symbolic = false; + } else { + char temp_path[PATH_MAX]; + if (getcwd(temp_path, PATH_MAX)) { + strncat(temp_path, "/", sizeof(temp_path) - strlen(temp_path) - 1); + strncat(temp_path, path, sizeof(temp_path) - strlen(temp_path) - 1); + if (strncmp(temp_path, real_path, strlen(temp_path) + 1) == 0) { + SLOG(LOG_DEBUG, vc_info_tag(), "[DEBUG] %s is real file, not symbolic link", path); + *is_symbolic = false; + } + } + } + + if (*is_symbolic == true) + SLOG(LOG_ERROR, vc_info_tag(), "[INFO] %s is symbolic link", path); + return VC_ERROR_NONE; + } else { + *is_symbolic = false; + if (errno == ENOENT) { + SLOG(LOG_DEBUG, vc_info_tag(), "[DEBUG] No such file or directory: %s", path); + return VC_ERROR_OPERATION_REJECTED; + } else { + SLOG(LOG_ERROR, vc_info_tag(), "[ERROR] error is %d", errno); + return VC_ERROR_OPERATION_FAILED; + } + } + return ret; +} + int vc_info_parser_set_nlu_result(const char* nlu_result) { if (NULL == nlu_result) { @@ -380,6 +419,13 @@ int vc_info_parser_set_nlu_result(const char* nlu_result) FILE* fp = NULL; int write_size = -1; + bool is_symbolic = true; + int ret = __is_symbolic_link(VC_RUNTIME_INFO_NLU_RESULT, &is_symbolic); + if (is_symbolic || VC_ERROR_OPERATION_FAILED == ret) { + SLOG(LOG_ERROR, vc_info_tag(), "[ERROR] Fail to open file, it is symbolic link : %s", VC_RUNTIME_INFO_NLU_RESULT); + return -1; + } + fp = fopen(VC_RUNTIME_INFO_NLU_RESULT, "w+"); if (NULL == fp) { SLOG(LOG_ERROR, vc_info_tag(), "[ERROR] Fail to open file %s", VC_RUNTIME_INFO_NLU_RESULT); -- 2.7.4