From c3da05d95922f5550bcc7815e799474d6a160175 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 29 Mar 2023 00:59:08 +0000 Subject: [PATCH] upstream: Plug potential mem leak in process_put. It allocates abs_dst inside a loop but only frees it on exit, so free inside the loop if necessary. Coverity CID 291837, ok djm@ OpenBSD-Commit-ID: a01616503a185519b16f00dde25d34ceaf4ae1a3 --- sftp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sftp.c b/sftp.c index 6c5aab7a5..07b46c7f7 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.230 2023/03/28 07:44:32 dtucker Exp $ */ +/* $OpenBSD: sftp.c,v 1.231 2023/03/29 00:59:08 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -769,6 +769,8 @@ process_put(struct sftp_conn *conn, const char *src, const char *dst, goto out; } + free(abs_dst); + abs_dst = NULL; if (g.gl_matchc == 1 && tmp_dst) { /* If directory specified, append filename */ if (dst_is_dir)