From: djm@openbsd.org <djm@openbsd.org>
Date: Sun, 20 Mar 2022 08:52:17 +0000 (+0000)
Subject: upstream: don't leak argument list; bz3404, reported by Balu
X-Git-Tag: V_9_0_P1~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16ea8b85838dd7a4dbeba4e51ac4f43fd68b1e5b;p=thirdparty%2Fopenssh-portable.git

upstream: don't leak argument list; bz3404, reported by Balu

Gajjala ok dtucker@

OpenBSD-Commit-ID: fddc32d74e5dd5cff1a49ddd6297b0867eae56a6
---

diff --git a/scp.c b/scp.c
index 04f1a649b..c36d66aa5 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.246 2022/02/23 19:01:00 deraadt Exp $ */
+/* $OpenBSD: scp.c,v 1.247 2022/03/20 08:52:17 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -968,7 +968,7 @@ do_sftp_connect(char *host, char *user, int port, char *sftp_direct,
 			return NULL;
 
 	} else {
-		args.list = NULL;
+		freeargs(&args);
 		addargs(&args, "sftp-server");
 		if (do_cmd(sftp_direct, host, NULL, -1, 0, "sftp",
 		    reminp, remoutp, pidp) < 0)