From 0ff832215604b52f3a3e3ed5bb0e50e0d10d1103 Mon Sep 17 00:00:00 2001
From: Junghyun Yeon
Date: Thu, 21 Dec 2017 16:05:35 +0900
Subject: [PATCH] Add codes to check path of icon path

- When change icon request has received, server should check given icon path belogs to pkg path and existance of icon file.
Change-Id: I2ba618c0abbc7ef63e2a7c295968b22935496d2c
Signed-off-by: Junghyun Yeon
---
 src/pkgmgr-server.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/pkgmgr-server.c b/src/pkgmgr-server.c
index 38fdaa2..e7559f7 100644
--- a/src/pkgmgr-server.c
+++ b/src/pkgmgr-server.c
@@ -1775,7 +1775,32 @@ static int __process_set_app_label(struct backend_job *job)
 static int __process_set_app_icon(struct backend_job *job)
 {
 int ret;
+ pkgmgrinfo_appinfo_h handle = NULL;
+ char *app_root_path = NULL;

+ ret = pkgmgrinfo_appinfo_get_usr_appinfo(job->pkgid, job->target_uid, &handle);
+ if (ret != PMINFO_R_OK) {
+ _return_value_to_caller(job->req_id, g_variant_new("(i)", ret));
+ return PKGMGR_R_ENOPKG;
+ }
+
+ ret = pkgmgrinfo_appinfo_get_root_path(handle, &app_root_path);
+ if (ret != PMINFO_R_OK || !app_root_path) {
+ _return_value_to_caller(job->req_id, g_variant_new("(i)", ret));
+ pkgmgrinfo_appinfo_destroy_appinfo(handle);
+ return PKGMGR_R_ESYSTEM;
+ }
+
+ if (strncasecmp(job->args, app_root_path, strlen(app_root_path)) != 0 ||
+ strstr(job->args, "..") != NULL ||
+ access(job->args, F_OK) != 0) {
+ ERR("invalid path[%s]", job->args);
+ _return_value_to_caller(job->req_id, g_variant_new("(i)", ret));
+ pkgmgrinfo_appinfo_destroy_appinfo(handle);
+ return PKGMGR_R_EINVAL;
+ }
+
+ pkgmgrinfo_appinfo_destroy_appinfo(handle);
 ret = pkgmgr_parser_update_app_icon_info_in_usr_db(job->pkgid,
 job->target_uid, job->args);
 _return_value_to_caller(job->req_id, g_variant_new("(i)", ret));
-- 
2.7.4
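Review bot: The containment test in the new `if` of `__process_set_app_icon` is a raw string-prefix comparison, so it can accept icon paths that are not inside the application root: `strncasecmp(job->args, app_root_path, strlen(app_root_path))` enforces no `/` boundary after the root (a sibling directory whose name merely begins with the root string passes), it ignores case on what is presumably a case-sensitive filesystem, and neither it nor `access()` resolves symbolic links. Canonicalising the request with `realpath()` and then comparing case-sensitively with a separator boundary closes those gaps and makes the `..` substring test and the `access()` call redundant; this assumes `app_root_path` is itself canonical and has no trailing slash, which should be confirmed against `pkgmgrinfo_appinfo_get_root_path`. The rejection branch also sends `ret` to the caller, which at that point still holds `PMINFO_R_OK` from the preceding call, so the client is told the request succeeded while the server returns `PKGMGR_R_EINVAL`; the `!app_root_path` case of the second check has the same problem. The function body continues past the end of the hunk.

```c
	/* … unchanged: appinfo lookup and root path retrieval … */
	char resolved[PATH_MAX];
	size_t root_len = strlen(app_root_path);

	/*
	 * Resolve symlinks and relative components before comparing, then
	 * require a '/' right after the root so that only entries below the
	 * application root are accepted. realpath() fails for a missing file,
	 * which also covers the existence check.
	 */
	if (realpath(job->args, resolved) == NULL ||
			strncmp(resolved, app_root_path, root_len) != 0 ||
			resolved[root_len] != '/') {
		ERR("invalid path[%s]", job->args);
		_return_value_to_caller(job->req_id,
				g_variant_new("(i)", PKGMGR_R_EINVAL));
		pkgmgrinfo_appinfo_destroy_appinfo(handle);
		return PKGMGR_R_EINVAL;
	}
	/* … unchanged: handle destroy and icon info update … */
```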