those 2 functions have conditions that return without freeing memory. (Suggestions from armani@).
Index: sftp-client.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp-client.c,v
retrieving revision 1.94
diff -u -p -r1.94 sftp-client.c
--- sftp-client.c 4 Dec 2010 00:18:01 -0000 1.94
+++ sftp-client.c 20 Jul 2011 20:14:17 -0000
@@ -798,8 +798,6 @@ do_hardlink(struct sftp_conn *conn, char
  Buffer msg;
  u_int status, id;
 
- buffer_init(&msg);
-
  /* Send link request */
  id = conn->msg_id++;
  if ((conn->exts & SFTP_EXT_HARDLINK) == 0) {
@@ -807,6 +805,7 @@ do_hardlink(struct sftp_conn *conn, char
  return -1;
  }
 
+ buffer_init(&msg);
  buffer_put_char(&msg, SSH2_FXP_EXTENDED);
  buffer_put_int(&msg, id);
  buffer_put_cstring(&msg, "hardl...@openssh.com");
@@ -882,6 +881,7 @@ do_readlink(struct sftp_conn *conn, char
  u_int status = buffer_get_int(&msg);
 
  error("Couldn't readlink: %s", fx2txt(status));
+ buffer_free(&msg);
  return(NULL);
  } else if (type != SSH2_FXP_NAME)
  fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
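Review bot: In do_hardlink, `id = conn->msg_id++;` and the `/* Send link request */` comment still sit above the SFTP_EXT_HARDLINK check, so the unsupported-extension return consumes a request id and the comment now labels the capability test instead of the request. Moving both below the check, next to the initialisation relocated in the following hunk (`buffer_init(&msg);` then `/* Send link request */` then `id = conn->msg_id++;`), keeps all request setup on the path that actually sends. The skipped id looks harmless as far as these hunks show, so this is tidiness, not a defect. do_hardlink starts and ends outside the hunk.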
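Review bot: The added `buffer_free(&msg);` in the SSH2_FXP_STATUS branch of do_readlink is a hand-written copy of the function's cleanup, and nothing beside it says why it is required. This branch runs whenever the server answers with a status reply, so the peer decides how often it is taken. A one-line comment above `return(NULL);`, such as `/* msg must be freed on every non-fatal return */`, would help keep a later early return from reintroducing the leak. The `fatal()` branch that follows needs no matching free, assuming `fatal()` does not return. The rest of do_readlink lies outside the hunk, so its remaining exits could not be checked here.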