From 261612179f740bc62ba363d98b3bd5e5573a811f Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Tue, 22 Apr 2025 21:37:29 +0200
Subject: [PATCH] CVE-2025-5449 sftpserver: Avoid memory leak when we run out of handles during sftp_open

Signed-off-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/sftpserver.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/sftpserver.c b/src/sftpserver.c
index 7af30faf..d3356228 100644
--- a/src/sftpserver.c
+++ b/src/sftpserver.c
@@ -926,6 +926,7 @@ process_open(sftp_client_message client_msg)
 sftp_reply_handle(client_msg, handle_s);
 ssh_string_free(handle_s);
 } else {
+ free(h);
 close(fd);
 SSH_LOG(SSH_LOG_PROTOCOL, "Failed to allocate handle");
 sftp_reply_status(client_msg, SSH_FX_FAILURE,
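Review bot: The `free(h);` added in the else branch has no comment saying why `h` is still owned by process_open at this point, and that ownership rule is the whole reason for the fix. I would add `/* handle allocation failed, so h was never stored in the session's handle table and must be released here */` above it; this assumes the call that produced `handle_s`, which sits above the hunk, takes ownership only on success. Since `h` stays in scope and the function body continues past the hunk, `SAFE_FREE(h);` would also clear the pointer and guard against a later reuse. Any other request handler that allocates a handle struct and registers it the same way (not visible here) deserves the same check, because each failed attempt after the table fills would otherwise leak one allocation.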