From e762fad363bb8e70727ce50fd7d5a12241d4535b Mon Sep 17 00:00:00 2001 From: zhangkaixiang Date: Mon, 19 Jun 2023 17:49:56 +0800 Subject: [PATCH] fix up the security error for share path Signed-off-by: zhangkaixiang --- .../native/file_share/src/file_share.cpp | 20 +++++++++++++++++++ .../src/remote_file_share.cpp | 4 ++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/interfaces/innerkits/native/file_share/src/file_share.cpp b/interfaces/innerkits/native/file_share/src/file_share.cpp index 6c9d16151..3ca42a513 100644 --- a/interfaces/innerkits/native/file_share/src/file_share.cpp +++ b/interfaces/innerkits/native/file_share/src/file_share.cpp @@ -226,8 +226,28 @@ static bool MakeDir(const string &path) return true; } +static bool CheckValidPath(const string &filePath) +{ + if (filePath.size() >= PATH_MAX) { + return false; + } + + char realPath[PATH_MAX]{'\0'}; + if (realpath(filePath.c_str(), realPath) != nullptr && + strncmp(realPath, filePath.c_str(), filePath.size()) == 0) { + return true; + } else { + return false; + } +} + static int32_t PreparePreShareDir(FileShareInfo &info) { + if (!CheckValidPath(info.providerLowerPath_)) { + LOGE("Invalid share path with %{private}s", info.providerLowerPath_.c_str()); + return -EINVAL; + } + for (size_t i = 0; i < info.sharePath_.size(); i++) { if (access(info.sharePath_[i].c_str(), F_OK) != 0) { string sharePathDir = info.sharePath_[i]; diff --git a/services/remote_file_share/src/remote_file_share.cpp b/services/remote_file_share/src/remote_file_share.cpp index 862191e9f..865a69415 100644 --- a/services/remote_file_share/src/remote_file_share.cpp +++ b/services/remote_file_share/src/remote_file_share.cpp @@ -70,8 +70,8 @@ static std::string GetFileName(const int &fd) return ""; } - ret = readlink(buf, filePath, PATH_MAX - 1); - if (ret < 0) { + ret = readlink(buf, filePath, PATH_MAX); + if (ret < 0 || ret >= PATH_MAX) { LOGE("RemoteFileShare::GetFileName, readlink failed with %{public}d", errno); return ""; } -- Gitee