Fix a potential memory leak in file transfer (COVESA#126)

* Fix a potential memory leak in file transfer This potential memory leak in dlt-system-filetransfer.c can happen if only a filename is passed to dirname(). In the current implementation of dlt-daemon, this issue cannot happen. But in case of refactoring or different usage there is a chance that it can be triggered. See: https://linux.die.net/man/3/dirname Signed-off-by: Andreas Seidl <andreas.seidl@daimler.com>
fmntf · Nov 19, 2019 · 346781f · 346781f
1 parent b38a8d1
commit 346781f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 7 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -14,3 +14,4 @@ Eckhard Diezel <external.Eckhard.Diezel@de.bosch.com>
 Mohammed AL Dardoun
 Lassi Marttala
 Simon Brandner
+Copyright (c) 2019 MBition GmbH, Andreas Seidl <andreas.seidl@daimler.com>
diff --git a/src/system/dlt-system-filetransfer.c b/src/system/dlt-system-filetransfer.c
@@ -272,9 +272,13 @@ int send_one(char *src, FiletransferOptions const *opts, int which)
         return -1;
     }
 
-    char *fdir = strndup(src, PATH_MAX);
-    MALLOC_ASSERT(fdir);
-    fdir = dirname(fdir);/*dirname overwrites its argument anyway */
+    char *src_copy = strndup(src, PATH_MAX);
+    MALLOC_ASSERT(src_copy);
+
+    /*dirname overwrites its argument anyway, */
+    /*but depending on argument returned address might change */
+    char *fdir = dirname(src_copy);
+
     char *dst_tosend;/*file which is going to be sent */
 
     char *rn = unique_name(src);/*new unique filename based on inode */
@@ -308,7 +312,7 @@ int send_one(char *src, FiletransferOptions const *opts, int which)
                     DLT_STRING(dst_tocompress));
             free(rn);
             free(dst_tocompress);
-            free(fdir);
+            free(src_copy);
             return -1;
         }
 
@@ -321,7 +325,7 @@ int send_one(char *src, FiletransferOptions const *opts, int which)
             free(rn);
             free(dst_tosend);
             free(dst_tocompress);
-            free(fdir);
+            free(src_copy);
             return -1;
         }
 
@@ -349,7 +353,7 @@ int send_one(char *src, FiletransferOptions const *opts, int which)
                     DLT_STRING(dst_tosend));
             free(rn);
             free(dst_tosend);
-            free(fdir);
+            free(src_copy);
             return -1;
         }
     }
@@ -362,7 +366,7 @@ int send_one(char *src, FiletransferOptions const *opts, int which)
 
     free(rn);
     free(dst_tosend);
-    free(fdir);
+    free(src_copy);
 
     return 0;
 }