crash-manager: Fix free of invalid pointer returned by dirname()

This fixes SVACE issue (overwriting dst_dirpath pointer by dirname(3)
result, which should not be freed).

Change-Id: Iad2ed92c6111f8133e3c6363876ff3fad80557f3

diff --git a/src/crash-manager/crash-manager.c b/src/crash-manager/crash-manager.c
index 682da09..e7ff778 100644 (file)
--- a/src/crash-manager/crash-manager.c
+++ b/src/crash-manager/crash-manager.c
@@ -735,13 +735,14 @@ static bool copy_application_data(struct crash_info *cinfo, const char *filename
                goto out;
 
        dst_dirpath = strdup(dst_filepath);
-       if (dst_dirpath == NULL) {
-               _E("Failed to copy dst_filepath: %s", dst_filepath);
+       char *dst_dirname = dirname(dst_dirpath);
+       if (dst_dirpath == NULL || dst_dirname == NULL) {
+               _E("Out of memory");
                goto out;
        }
-       dst_dirpath = dirname(dst_dirpath);
-       if (mkdir(dst_dirpath, 0775) < 0 && errno != EEXIST) {
-               _E("Failed to mkdir %s (%m)", dst_dirpath);
+
+       if (mkdir(dst_dirname, 0775) < 0 && errno != EEXIST) {
+               _E("Failed to mkdir %s: %m", dst_dirname);
                goto out;
        }