summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiwoong Im <jiwoong.im@samsung.com>2017-04-28 04:51:24 (GMT)
committerJiwoong Im <jiwoong.im@samsung.com>2017-04-28 05:50:06 (GMT)
commit7f2b7cb3b629e86a398e21f9a37404b2e99d0159 (patch)
treedd12c4c67943603b7ef0e534680c0ee74cdf97d1
parent52cd5831662924776b9a6402764620e070456024 (diff)
downloadui-gadget-1-accepted/tizen_3.0_common.zip
ui-gadget-1-accepted/tizen_3.0_common.tar.gz
ui-gadget-1-accepted/tizen_3.0_common.tar.bz2
- Loading libraries without specifying an absolute path could allow an attacker to load a malicious library by changing $LD_* or other aspects of the program's execution environment. Change-Id: Ic51469d1ffab14008e8ef550ae604ee7f3138994 Signed-off-by: Jiwoong Im <jiwoong.im@samsung.com> (cherry picked from commit c1383a9d34d47837503a61ba5affda841156c4eb)
-rw-r--r--CMakeLists.txt1
-rw-r--r--src/engine.c2
2 files changed, 2 insertions, 1 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 25ca50f..ff9a865 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -17,6 +17,7 @@ INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include)
ADD_DEFINITIONS("-DPREFIX=\"${CMAKE_INSTALL_PREFIX}\"")
ADD_DEFINITIONS("-DDATAFS=\"${DATADIR}\"")
ADD_DEFINITIONS("-DENABLE_UG_CREATE_CB")
+ADD_DEFINITIONS("-DUG_LIB_DIR=\"${LIB_INSTALL_DIR}\"")
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fvisibility=hidden -Wall")
INCLUDE(FindPkgConfig)
diff --git a/src/engine.c b/src/engine.c
index bf9e32a..a208ceb 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -51,7 +51,7 @@ struct ug_engine *ug_engine_load()
return NULL;
}
- handle = dlopen("libui-gadget-1-efl-engine.so", RTLD_LAZY);
+ handle = dlopen(UG_LIB_DIR"/libui-gadget-1-efl-engine.so", RTLD_LAZY);
if (!handle) {
_ERR("dlopen failed: %s", dlerror());
goto engine_free;