From db7f101d1c13c1e1d2dd11255e363f7cb86f3238 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Tue, 22 Apr 2025 21:37:29 +0200
Subject: [PATCH] CVE-2025-5449 sftpserver: Avoid memory leak when we run out of handles during sftp_open

Signed-off-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/sftpserver.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/sftpserver.c b/src/sftpserver.c
index 36dd129d..c77947eb 100644
--- a/src/sftpserver.c
+++ b/src/sftpserver.c
@@ -935,6 +935,7 @@ process_open(sftp_client_message client_msg)
 sftp_reply_handle(client_msg, handle_s);
 ssh_string_free(handle_s);
 } else {
+ free(h);
 close(fd);
 SSH_LOG(SSH_LOG_PROTOCOL, "Failed to allocate handle");
 sftp_reply_status(client_msg, SSH_FX_FAILURE,
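Review bot: The added `free(h)` in the `else` branch carries no comment saying why `h` is still owned by process_open at this point, so a later refactor of the failure path could drop it again or free it twice. Going by the commit subject, this branch runs when no handle slot is left, so presumably `h` was never handed to the session; a one-line comment such as `/* handle allocation failed: h was never registered with the session, release it and the fd here */` would record that. Because a connected client can reach this path simply by keeping many files open, it may also be worth logging the failure at `SSH_LOG_WARNING` instead of `SSH_LOG_PROTOCOL`, so handle exhaustion is visible at lower log verbosity. The branch condition and the allocation of `h` lie outside the hunk, so both assumptions should be confirmed against the full function.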