From 51b7a2421a93d55ca891d38c6a4f1350fb8fffcf Mon Sep 17 00:00:00 2001
From: Pablo Yaggi
Date: Tue, 9 Feb 2021 11:39:13 +0000
Subject: [PATCH] fix sftp_new_channel constructs an invalid object
Fixes T273
Signed-off-by: Pablo Yaggi
Reviewed-by: Jakub Jelen
Reviewed-by: Sahana Prasad
---
 src/sftp.c | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/src/sftp.c b/src/sftp.c
index 91bccf10..00b5b98f 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -191,14 +191,38 @@ sftp_new_channel(ssh_session session, ssh_channel channel)
 sftp->ext = sftp_ext_new();
 if (sftp->ext == NULL) {
 ssh_set_error_oom(session);
- SAFE_FREE(sftp);
- return NULL;
+ goto error;
+ }
+
+ sftp->read_packet = calloc(1, sizeof(struct sftp_packet_struct));
+ if (sftp->read_packet == NULL) {
+ ssh_set_error_oom(session);
+ goto error;
+ }
+
+ sftp->read_packet->payload = ssh_buffer_new();
+ if (sftp->read_packet->payload == NULL) {
+ ssh_set_error_oom(session);
+ goto error;
 }
 sftp->session = session;
 sftp->channel = channel;
 return sftp;
+
+error:
+ if (sftp->ext != NULL) {
+ sftp_ext_free(sftp->ext);
+ }
+ if (sftp->read_packet != NULL) {
+ if (sftp->read_packet->payload != NULL) {
+ SSH_BUFFER_FREE(sftp->read_packet->payload);
+ }
+ SAFE_FREE(sftp->read_packet);
+ }
+ SAFE_FREE(sftp);
+ return NULL;
 }
 #ifdef WITH_SERVER
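Review bot: The cleanup under `error:` inspects `sftp->read_packet` on a path where it was never assigned: a failed `sftp_ext_new()` jumps there before `read_packet` is set. The error path is therefore only safe if `sftp` was zero-filled when it was allocated. That allocation sits above the hunk and is not visible here, so confirm it is a `calloc` (or equivalent). I would add a comment at the label, e.g. `/* sftp is zero-initialized, so members not yet allocated are NULL here */`, so that a later change of allocator does not turn this path into frees of uninitialized pointers. As a smaller style point, the inner `payload != NULL` test looks redundant if `SSH_BUFFER_FREE` already guards against NULL, which is worth checking against the macro's definition.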