From 4226be317257abd71a38a1b0f359650c16010d75 Mon Sep 17 00:00:00 2001
From: Jeesun Kim <iamjs.kim@samsung.com>
Date: Thu, 19 Oct 2017 11:51:24 +0900
Subject: [PATCH] Block not to link crossly.

Change-Id: Iedabcffa04a5b3dba35772638b0c944b86592c38
---
 server/db/cal_db_link.c | 42 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 37 insertions(+), 5 deletions(-)

diff --git a/server/db/cal_db_link.c b/server/db/cal_db_link.c
index b1c33fd..3abfbcc 100644
--- a/server/db/cal_db_link.c
+++ b/server/db/cal_db_link.c
@@ -32,6 +32,8 @@
 
 int cal_db_link_record(int base_id, int linked_id)
 {
+	RETV_IF(base_id == linked_id, CALENDAR_ERROR_INVALID_PARAMETER);
+
 	int ret = 0;
 	char query[CAL_DB_SQL_MAX_LEN] = {0};
 
@@ -39,6 +41,8 @@ int cal_db_link_record(int base_id, int linked_id)
 	RETVM_IF(CALENDAR_ERROR_NONE != ret, ret, "cal_db_util_begin_trans() Fail");
 
 	calendar_record_h record = NULL;
+	cal_record_s *record_s = NULL;
+	/* check linked_id validation */
 	ret = cal_db_get_record(_calendar_event._uri, linked_id, &record);
 	if (CALENDAR_ERROR_NONE != ret) {
 		/* LCOV_EXCL_START */
@@ -47,7 +51,28 @@ int cal_db_link_record(int base_id, int linked_id)
 		return ret;
 		/* LCOV_EXCL_STOP */
 	}
-	cal_record_s *record_s = (cal_record_s *)record;
+	record_s = (cal_record_s *)record;
+	if (CAL_STRING_EQUAL != strcmp(record_s->view_uri, CALENDAR_VIEW_EVENT)) {
+		/* LCOV_EXCL_START */
+		DBG("This link is invalid in event");
+		calendar_record_destroy(record, true);
+		cal_db_util_end_trans(false);
+		return CALENDAR_ERROR_INVALID_PARAMETER;
+		/* LCOV_EXCL_STOP */
+	}
+	calendar_record_destroy(record, true);
+	record = NULL;
+
+	/* check base_id validation */
+	ret = cal_db_get_record(_calendar_event._uri, base_id, &record);
+	if (CALENDAR_ERROR_NONE != ret) {
+		/* LCOV_EXCL_START */
+		ERR("cal_db_get_record() Fail(%d)", ret);
+		cal_db_util_end_trans(false);
+		return ret;
+		/* LCOV_EXCL_STOP */
+	}
+	record_s = (cal_record_s *)record;
 	if (CAL_STRING_EQUAL != strcmp(record_s->view_uri, CALENDAR_VIEW_EVENT)) {
 		/* LCOV_EXCL_START */
 		DBG("This link is invalid in event");
@@ -56,12 +81,22 @@ int cal_db_link_record(int base_id, int linked_id)
 		return CALENDAR_ERROR_INVALID_PARAMETER;
 		/* LCOV_EXCL_STOP */
 	}
+	cal_event_s *event_s = (cal_event_s *)record;
+	if (event_s->link_base_id == linked_id) {
+		/* LCOV_EXCL_START */
+		DBG("Invalid argument: Tried to link cross link");
+		calendar_record_destroy(record, true);
+		cal_db_util_end_trans(false);
+		return CALENDAR_ERROR_INVALID_PARAMETER;
+		/* LCOV_EXCL_STOP */
+	}
+	calendar_record_destroy(record, true);
 
 	/* if linked record already has base, reduce base linked count. */
 	snprintf(query, sizeof(query), "UPDATE "CAL_TABLE_SCHEDULE" SET link_count = link_count -1 "
 			"WHERE id = (SELECT link_base_id FROM "CAL_TABLE_SCHEDULE" WHERE id = %d) AND type = %d "
 			"AND (SELECT link_base_id FROM "CAL_TABLE_SCHEDULE" WHERE id = %d) > 0 ",
-			linked_id, CALENDAR_BOOK_TYPE_EVENT, linked_id);
+			linked_id, CALENDAR_BOOK_TYPE_EVENT, linked_id, base_id);
 
 	ret = cal_db_util_query_exec(query);
 	if (CALENDAR_ERROR_NONE != ret) {
@@ -81,7 +116,6 @@ int cal_db_link_record(int base_id, int linked_id)
 		/* LCOV_EXCL_START */
 		ERR("cal_db_util_query_exec() Fail(%d)", ret);
 		SECURE("[%s]", query);
-		calendar_record_destroy(record, true);
 		cal_db_util_end_trans(false);
 		return ret;
 		/* LCOV_EXCL_STOP */
@@ -96,7 +130,6 @@ int cal_db_link_record(int base_id, int linked_id)
 		/* LCOV_EXCL_START */
 		ERR("cal_db_util_query_exec() Fail(%d)", ret);
 		SECURE("[%s]", query);
-		calendar_record_destroy(record, true);
 		cal_db_util_end_trans(false);
 		return ret;
 		/* LCOV_EXCL_STOP */
@@ -108,7 +141,6 @@ int cal_db_link_record(int base_id, int linked_id)
 	 * we choose case 1. so modify alarm logic not to pick liked record alarm.
 	 */
 
-	calendar_record_destroy(record, true);
 	cal_db_util_end_trans(true);
 
 	return ret;
-- 
2.7.4