From d97c123b057df0899cb19888f8786b7071acb184 Mon Sep 17 00:00:00 2001 From: Minje Ahn Date: Thu, 8 Feb 2018 15:40:23 +0900 Subject: [PATCH] [SATIZENVUL-1319]Add cynara check when batch queries Change-Id: I8c3a80d9d693708c675732035e746a199c121c52 Signed-off-by: Minje Ahn --- src/server/media-server-socket.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/server/media-server-socket.c b/src/server/media-server-socket.c index 5a151d0..e23342c 100755 --- a/src/server/media-server-socket.c +++ b/src/server/media-server-socket.c @@ -660,6 +660,7 @@ void _ms_process_tcp_message(gpointer data, gpointer user_data) ms_comm_msg_s recv_msg; int client_sock = GPOINTER_TO_INT(data); int send_msg = MS_MEDIA_ERR_NONE; + ms_peer_credentials creds; while (1) { if (power_off == TRUE) { @@ -667,8 +668,9 @@ void _ms_process_tcp_message(gpointer data, gpointer user_data) break; } memset((void *)&recv_msg, 0, sizeof(ms_comm_msg_s)); + memset(&creds, 0, sizeof(creds)); - ret = ms_ipc_receive_message_tcp(client_sock, &recv_msg); + ret = ms_cynara_receive_untrusted_message(client_sock, &recv_msg, &creds); if (ret != MS_MEDIA_ERR_NONE) { media_db_request_update_db_batch_clear(); MS_DBG_ERR("ms_ipc_receive_message_tcp failed [%d]", ret); @@ -676,6 +678,18 @@ void _ms_process_tcp_message(gpointer data, gpointer user_data) goto ERROR; } + if (ms_cynara_check(&creds, CONTENT_WRITE_PRIVILEGE) != MS_MEDIA_ERR_NONE) { + media_db_request_update_db_batch_clear(); + MS_SAFE_FREE(creds.smack); + MS_SAFE_FREE(creds.uid); + MS_DBG_ERR("Permission denied"); + send_msg = MS_MEDIA_ERR_PERMISSION_DENIED; + goto ERROR; + } + + MS_SAFE_FREE(creds.smack); + MS_SAFE_FREE(creds.uid); + if (!MS_STRING_VALID(recv_msg.msg)) { send_msg = MS_MEDIA_ERR_INVALID_PARAMETER; goto ERROR; -- 2.7.4