diff options
| author | Hyihong Chae <hh.chae@samsung.com> | 2017-04-24 19:02:21 +0900 |
|---|---|---|
| committer | Hyihong Chae <hh.chae@samsung.com> | 2017-04-24 19:10:53 +0900 |
| commit | 1fb7cbb7a3b4dec4c02c230817369dc91a9130ed (patch) | |
| tree | 64c7eaf755630009bda3ab7f33261f23b8626b06 | |
| parent | 6c7181ea696544d60126550ba38db3e7315ed58c (diff) | |
| download | mtp-responder-1fb7cbb7a3b4dec4c02c230817369dc91a9130ed.tar.gz mtp-responder-1fb7cbb7a3b4dec4c02c230817369dc91a9130ed.tar.bz2 mtp-responder-1fb7cbb7a3b4dec4c02c230817369dc91a9130ed.zip | |
fix security issue(TSAM-13252)tizen_4.0.m1_releasesubmit/tizen/20170424.101510accepted/tizen/unified/20170424.154227
Change-Id: I99c089e88868edbad0532510be7e838e4d570f5f
Signed-off-by: HyiHong Chae <hh.chae@samsung.com>
| -rwxr-xr-x | include/util/mtp_support.h | 1 | ||||
| -rwxr-xr-x | packaging/mtp-responder.spec | 2 | ||||
| -rwxr-xr-x | src/entity/mtp_store.c | 6 | ||||
| -rwxr-xr-x | src/transport/mtp_transport.c | 1 | ||||
| -rwxr-xr-x | src/util/mtp_support.c | 36 |
5 files changed, 43 insertions, 3 deletions
diff --git a/include/util/mtp_support.h b/include/util/mtp_support.h index b0cc9c4..a67325b 100755 --- a/include/util/mtp_support.h +++ b/include/util/mtp_support.h @@ -54,5 +54,6 @@ void _util_get_parent_path(const mtp_char *fullpath, mtp_char *p_path); void _util_conv_wstr_to_guid(mtp_wchar *wstr, mtp_uint64 *guid); mtp_bool _util_get_unique_dir_path(const mtp_char *exist_path, mtp_char *new_path, mtp_uint32 new_path_buf_len); +mtp_int32 _util_system_cmd_wait(const mtp_char *cmd); #endif /* _MTP_SUPPORT_H_ */ diff --git a/packaging/mtp-responder.spec b/packaging/mtp-responder.spec index d333fb0..8317525 100755 --- a/packaging/mtp-responder.spec +++ b/packaging/mtp-responder.spec @@ -5,7 +5,7 @@ ExcludeArch: %arm aarch64 Name: mtp-responder Summary: Media Transfer Protocol daemon (responder) -Version: 0.0.23 +Version: 0.0.24 Release: 1 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/entity/mtp_store.c b/src/entity/mtp_store.c index 7297d8b..c3ae8ac 100755 --- a/src/entity/mtp_store.c +++ b/src/entity/mtp_store.c @@ -1199,7 +1199,8 @@ void _entity_list_modified_files(mtp_uint32 minutes) inter_path, minutes, MTP_FILES_MODIFIED_FILES); DBG("find query is [%s]\n", command); - ret = system(command); + ret = _util_system_cmd_wait(command); + if (WIFSIGNALED(ret) && (WTERMSIG(ret) == SIGINT || WTERMSIG(ret) == SIGQUIT)) { @@ -1215,7 +1216,8 @@ void _entity_list_modified_files(mtp_uint32 minutes) ext_path, minutes, MTP_FILES_MODIFIED_FILES); DBG("find query is [%s]\n", command); - ret = system(command); + ret = _util_system_cmd_wait(command); + if (WIFSIGNALED(ret) && (WTERMSIG(ret) == SIGINT || WTERMSIG(ret) == SIGQUIT)) { diff --git a/src/transport/mtp_transport.c b/src/transport/mtp_transport.c index 3eee08b..7c73bbd 100755 --- a/src/transport/mtp_transport.c +++ b/src/transport/mtp_transport.c @@ -419,6 +419,7 @@ void _transport_usb_finalize(void) sizeof(msgq_ptr_t) - sizeof(long), 0)) { ERR("_util_msgq_send() Fail"); } + g_free(pkt.buffer); res = _util_thread_join(g_data_rcv, &th_result); if (res == FALSE) diff --git a/src/util/mtp_support.c b/src/util/mtp_support.c index 83108d6..8517146 100755 --- a/src/util/mtp_support.c +++ b/src/util/mtp_support.c @@ -17,6 +17,7 @@ #include <glib.h> #include <glib/gprintf.h> #include <unistd.h> +#include <sys/wait.h> #include "mtp_support.h" #include "ptp_datacodes.h" #include "mtp_util.h" @@ -643,3 +644,38 @@ SUCCESS: DBG_SECURE("Unique dir name[%s]\n", new_path); return TRUE; } + +mtp_int32 _util_system_cmd_wait(const mtp_char *cmd) +{ + + int pid = 0; + int status = 0; + + if (cmd == NULL) + return -1; + + pid = fork(); + + if (pid == -1) + return -1; + + if (pid == 0) { + char *argv[4]; + argv[0] = "sh"; + argv[1] = "-c"; + argv[2] = (char*)cmd; + argv[3] = 0; + execv("/bin/sh", argv); + exit(127); + } + + do { + if (waitpid(pid, &status, 0) == -1) { + if (errno != EINTR) + return -1; + } else { + return status; + } + } while (1); +} + |