From 534bcc90fcc624907dfb2e9912e62b5183572401 Mon Sep 17 00:00:00 2001
From: Seonah Moon
Date: Mon, 4 Mar 2019 18:05:02 +0900
Subject: [PATCH] [Security vulnerability] Access to a symbolic link

Change-Id: I2207dbe4a72d87cd6665fd27dfc97a30b4617b49
---
 agent/download-agent-file.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/agent/download-agent-file.c b/agent/download-agent-file.c
index 1000347..06b76f9 100755
--- a/agent/download-agent-file.c
+++ b/agent/download-agent-file.c
@@ -47,6 +47,7 @@ da_ret_t __saved_file_open(file_info_t *file_info)
 {
 da_ret_t ret = DA_RESULT_OK;
 char *actual_file_path = DA_NULL;
+ char *resolved_path = DA_NULL;
 void *fd = DA_NULL;
 DA_LOGV("");
@@ -55,6 +56,17 @@ da_ret_t __saved_file_open(file_info_t *file_info)
 if (!actual_file_path) return DA_ERR_INVALID_ARGUMENT;
+ resolved_path = realpath(actual_file_path, NULL);
+ if (resolved_path) {
+ /* Check if actual_file_path is symbolic file or not */
+ if (strcmp(resolved_path, actual_file_path) != 0) {
+ free(resolved_path);
+ return DA_ERR_INVALID_ARGUMENT;
+ }
+ } else if (errno != ENOENT) {
+ return DA_ERR_INVALID_ARGUMENT;
+ }
+
 fd = fopen(actual_file_path, "a+"); // for resume
 if (fd == DA_NULL) {
 DA_LOGE("File open failed");
@@ -69,7 +81,7 @@ da_ret_t __saved_file_open(file_info_t *file_info)
 ERR: if (DA_RESULT_OK != ret) file_info->file_handle = DA_NULL;
-
+ free(resolved_path);
 return ret;
 }
-- 
2.7.4
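Review bot: A dangling symbolic link still passes the check added before `fopen()` in the second hunk: `realpath()` fails with `ENOENT` when the link's target does not exist, the `else if (errno != ENOENT)` branch is skipped, and `fopen(actual_file_path, "a+")` then follows the link and creates the target. The check and the open are also two separate steps on the same path name, so the result of `realpath()` can be stale by the time the file is opened. Opening with `O_NOFOLLOW` and wrapping the descriptor with `fdopen()` makes the final-component check part of the open itself (this needs `<fcntl.h>` and `<unistd.h>`, which the patch does not show). `O_NOFOLLOW` only covers the last path component, so the `realpath()` comparison can stay in front of it if links in parent directories must be rejected too. The two early `return`s added here bypass the `ERR:` label, and the function body starts and ends outside this hunk.

```c
	/* … unchanged: actual_file_path NULL check, realpath() comparison … */

	/* Refuse a symlink in the final component atomically with the open. */
	int raw_fd = open(actual_file_path,
			O_RDWR | O_APPEND | O_CREAT | O_NOFOLLOW, 0666);
	if (raw_fd >= 0) {
		fd = fdopen(raw_fd, "a+"); // for resume
		if (fd == DA_NULL)
			close(raw_fd);
	}
	if (fd == DA_NULL) {
		DA_LOGE("File open failed");
	/* … unchanged: rest of the failure branch … */
```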