Fix some security issues

Change-Id: I2b31052aa20c028f0a4b496ec50b54641cce8bd9
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>

diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec
index 857db2c..9fe0c3c 100644 (file)
--- a/packaging/stc-manager.spec
+++ b/packaging/stc-manager.spec
@@ -1,6 +1,6 @@
 Name:       stc-manager
 Summary:    STC(Smart Traffic Control) manager
-Version:    0.0.68
+Version:    0.0.69
 Release:    0
 Group:      Network & Connectivity/Other
 License:    Apache-2.0

diff --git a/src/helper/helper-cgroup.c b/src/helper/helper-cgroup.c
old mode 100644 (file)
new mode 100755 (executable)
index dc51231..1f195ba
--- a/src/helper/helper-cgroup.c
+++ b/src/helper/helper-cgroup.c
@@ -76,7 +76,7 @@ stc_error_e cgroup_write_pidtree(const char *cgroup_subsystem,
        char buf[MAX_PATH_LENGTH];
 
        /*/proc/%d/task/%d/children */
-       char child_buf[21 + MAX_DEC_SIZE(int) + MAX_DEC_SIZE(int)];
+       char child_buf[21 + MAX_DEC_SIZE(int) + MAX_DEC_SIZE(int) + 1];
        char pidbuf[MAX_DEC_SIZE(int)];
        stc_error_e ret;
 

diff --git a/src/helper/helper-file.c b/src/helper/helper-file.c
old mode 100644 (file)
new mode 100755 (executable)
index 63ad2bd..636ef5d
--- a/src/helper/helper-file.c
+++ b/src/helper/helper-file.c
@@ -23,10 +23,16 @@ int fwrite_str(const char *path, const char *str)
 {
        _cleanup_fclose_ FILE *f = NULL;
        int ret;
+       char * t;
 
        assert(path);
        assert(str);
 
+       t = realpath(path, NULL);
+       ret_value_errno_msg_if(!t, -errno,
+                              "Fail to get realpath %s", path);
+       free(t);
+
        f = fopen(path, "w");
        ret_value_errno_msg_if(!f, -errno,
                               "Fail to open file %s", path);

diff --git a/src/helper/helper-net-cls.c b/src/helper/helper-net-cls.c
index f3a2ef5..748f95f 100755 (executable)
--- a/src/helper/helper-net-cls.c
+++ b/src/helper/helper-net-cls.c
@@ -172,7 +172,7 @@ handle_error:
 
 stc_error_e place_pids_to_net_cgroup(const int pid, const char *app_id)
 {
-       char child_buf[21 + MAX_DEC_SIZE(int) + MAX_DEC_SIZE(int)];
+       char child_buf[21 + MAX_DEC_SIZE(int) + MAX_DEC_SIZE(int) + 1];
        const char *path_to_net_cgroup_dir = NULL;
 
        snprintf(child_buf, sizeof(child_buf), PROC_TASK_CHILDREN, pid, pid);

diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c
index caf1174..1a2d188 100755 (executable)
--- a/src/helper/helper-nfacct-rule.c
+++ b/src/helper/helper-nfacct-rule.c
@@ -478,7 +478,7 @@ static stc_error_e produce_app_rule(nfacct_rule_s *rule)
        char *set_cmd = get_iptables_cmd(rule->action);
        char *jump_cmd = get_iptables_jump(rule->jump);
        char nfacct_buf[sizeof(NFACCT_NAME_MOD) +
-               3*MAX_DEC_SIZE(int) + 4];
+               3*MAX_DEC_SIZE(int) + 4 + 1];
        stc_error_e ret = STC_ERROR_NONE;
 
        /* income part */
@@ -581,7 +581,7 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule)
        char *set_cmd = get_iptables_cmd(rule->action);
        char *jump_cmd = get_iptables_jump(rule->jump);
        char nfacct_buf[sizeof(NFACCT_NAME_MOD) +
-               3*MAX_DEC_SIZE(int) + 4];
+               3*MAX_DEC_SIZE(int) + 4 + 1];
        uint32_t classid = rule->classid;
        stc_error_e ret;