From 346781ff633aee48eee5700a0b379d97cf86c935 Mon Sep 17 00:00:00 2001
From: Andreas <nordominus@users.noreply.github.com>
Date: Tue, 19 Nov 2019 05:07:06 +0100
Subject: Fix a potential memory leak in file transfer (#126)

* Fix a potential memory leak in file transfer

This potential memory leak in dlt-system-filetransfer.c can happen if only a filename
is passed to dirname(). In the current implementation of dlt-daemon, this issue cannot happen.
But in case of refactoring or different usage there is a chance that it can be triggered.
See: https://linux.die.net/man/3/dirname

Signed-off-by: Andreas Seidl <andreas.seidl@daimler.com>
---
 AUTHORS                              |  1 +
 src/system/dlt-system-filetransfer.c | 18 +++++++++++-------
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/AUTHORS b/AUTHORS
index cf74d8f..cd8dc9e 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -14,3 +14,4 @@ Eckhard Diezel <external.Eckhard.Diezel@de.bosch.com>
 Mohammed AL Dardoun
 Lassi Marttala
 Simon Brandner
+Copyright (c) 2019 MBition GmbH, Andreas Seidl <andreas.seidl@daimler.com>
diff --git a/src/system/dlt-system-filetransfer.c b/src/system/dlt-system-filetransfer.c
index 85aa380..dbc5431 100644
--- a/src/system/dlt-system-filetransfer.c
+++ b/src/system/dlt-system-filetransfer.c
@@ -272,9 +272,13 @@ int send_one(char *src, FiletransferOptions const *opts, int which)
         return -1;
     }
 
-    char *fdir = strndup(src, PATH_MAX);
-    MALLOC_ASSERT(fdir);
-    fdir = dirname(fdir);/*dirname overwrites its argument anyway */
+    char *src_copy = strndup(src, PATH_MAX);
+    MALLOC_ASSERT(src_copy);
+
+    /*dirname overwrites its argument anyway, */
+    /*but depending on argument returned address might change */
+    char *fdir = dirname(src_copy);
+
     char *dst_tosend;/*file which is going to be sent */
 
     char *rn = unique_name(src);/*new unique filename based on inode */
@@ -308,7 +312,7 @@ int send_one(char *src, FiletransferOptions const *opts, int which)
                     DLT_STRING(dst_tocompress));
             free(rn);
             free(dst_tocompress);
-            free(fdir);
+            free(src_copy);
             return -1;
         }
 
@@ -321,7 +325,7 @@ int send_one(char *src, FiletransferOptions const *opts, int which)
             free(rn);
             free(dst_tosend);
             free(dst_tocompress);
-            free(fdir);
+            free(src_copy);
             return -1;
         }
 
@@ -349,7 +353,7 @@ int send_one(char *src, FiletransferOptions const *opts, int which)
                     DLT_STRING(dst_tosend));
             free(rn);
             free(dst_tosend);
-            free(fdir);
+            free(src_copy);
             return -1;
         }
     }
@@ -362,7 +366,7 @@ int send_one(char *src, FiletransferOptions const *opts, int which)
 
     free(rn);
     free(dst_tosend);
-    free(fdir);
+    free(src_copy);
 
     return 0;
 }
-- 
cgit v1.2.1