Add codes to check path of icon path

[platform/core/appfw/pkgmgr-server.git] / src / pkgmgr-server.c

diff --git a/src/pkgmgr-server.c b/src/pkgmgr-server.c
index 38fdaa2..e7559f7 100644 (file)
--- a/src/pkgmgr-server.c
+++ b/src/pkgmgr-server.c
@@ -1775,7 +1775,32 @@ static int __process_set_app_label(struct backend_job *job)
 static int __process_set_app_icon(struct backend_job *job)
 {
        int ret;
+       pkgmgrinfo_appinfo_h handle = NULL;
+       char *app_root_path = NULL;
 
+       ret = pkgmgrinfo_appinfo_get_usr_appinfo(job->pkgid, job->target_uid, &handle);
+       if (ret != PMINFO_R_OK) {
+               _return_value_to_caller(job->req_id, g_variant_new("(i)", ret));
+               return PKGMGR_R_ENOPKG;
+       }
+
+       ret = pkgmgrinfo_appinfo_get_root_path(handle, &app_root_path);
+       if (ret != PMINFO_R_OK || !app_root_path) {
+               _return_value_to_caller(job->req_id, g_variant_new("(i)", ret));
+               pkgmgrinfo_appinfo_destroy_appinfo(handle);
+               return PKGMGR_R_ESYSTEM;
+       }
+
+       if (strncasecmp(job->args, app_root_path, strlen(app_root_path)) != 0 ||
+                       strstr(job->args, "..") != NULL ||
+                       access(job->args, F_OK) != 0) {
+               ERR("invalid path[%s]", job->args);
+               _return_value_to_caller(job->req_id, g_variant_new("(i)", ret));
+               pkgmgrinfo_appinfo_destroy_appinfo(handle);
+               return PKGMGR_R_EINVAL;
+       }
+
+       pkgmgrinfo_appinfo_destroy_appinfo(handle);
        ret = pkgmgr_parser_update_app_icon_info_in_usr_db(job->pkgid,
                        job->target_uid, job->args);
        _return_value_to_caller(job->req_id, g_variant_new("(i)", ret));