diff --git a/interfaces/innerkits/native/file_share/src/file_share.cpp b/interfaces/innerkits/native/file_share/src/file_share.cpp
index 6c9d161510131b40237fe142b50363d73b991923..3ca42a513b67ee72232b5f23fa4d8ab65f92ef66 100644
--- a/interfaces/innerkits/native/file_share/src/file_share.cpp
+++ b/interfaces/innerkits/native/file_share/src/file_share.cpp
@@ -226,8 +226,28 @@ static bool MakeDir(const string &path)
     return true;
 }
 
+static bool CheckValidPath(const string &filePath)
+{
+    if (filePath.size() >= PATH_MAX) {
+        return false;
+    }
+
+    char realPath[PATH_MAX]{'\0'};
+    if (realpath(filePath.c_str(), realPath) != nullptr &&
+        strncmp(realPath, filePath.c_str(), filePath.size()) == 0) {
+            return true;
+    } else {
+        return false;
+    }
+}
+
 static int32_t PreparePreShareDir(FileShareInfo &info)
 {
+    if (!CheckValidPath(info.providerLowerPath_)) {
+        LOGE("Invalid share path with %{private}s", info.providerLowerPath_.c_str());
+        return -EINVAL;
+    }
+
     for (size_t i = 0; i < info.sharePath_.size(); i++) {
         if (access(info.sharePath_[i].c_str(), F_OK) != 0) {
             string sharePathDir = info.sharePath_[i];
diff --git a/services/remote_file_share/src/remote_file_share.cpp b/services/remote_file_share/src/remote_file_share.cpp
index 862191e9fcf70bdbc79ed5ec5c4477bbcd943e5b..865a694155839b8426257ef7caa7de15a63d84f9 100644
--- a/services/remote_file_share/src/remote_file_share.cpp
+++ b/services/remote_file_share/src/remote_file_share.cpp
@@ -70,8 +70,8 @@ static std::string GetFileName(const int &fd)
         return "";
     }
 
-    ret = readlink(buf, filePath, PATH_MAX - 1);
-    if (ret < 0) {
+    ret = readlink(buf, filePath, PATH_MAX);
+    if (ret < 0 || ret >= PATH_MAX) {
         LOGE("RemoteFileShare::GetFileName, readlink failed with %{public}d", errno);
         return "";
     }