From 4b5877f4eeb2bd1f460d61cd3b3963d59125a682 Mon Sep 17 00:00:00 2001
From: Jan Goldacker
Date: Tue, 12 May 2026 08:06:35 +0200
Subject: [PATCH 1/2] stop on end-of-dir
---
 src/wolfsftp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/wolfsftp.c b/src/wolfsftp.c
index f86e27ecc..8c05779d7 100644
--- a/src/wolfsftp.c
+++ b/src/wolfsftp.c
@@ -3130,7 +3130,7 @@ static int wolfSSH_SFTPNAME_readdir(WOLFSSH* ssh, WDIR* dir, WS_SFTPNAME* out,
 }
 dp = &f;
- if (f_readdir(dir, dp) != FR_OK) {
+ if (f_readdir(dir, dp) != FR_OK || dp->fname[0] == 0) {
 return WS_FATAL_ERROR;
 }
 sz = (int)WSTRLEN(dp->fname);
From b2f6f7084341ff8e406244faff585c77e8527949 Mon Sep 17 00:00:00 2001
From: Jan Goldacker
Date: Tue, 12 May 2026 08:11:13 +0200
Subject: [PATCH 2/2] set fName to NULL after free otherwise wolfSSH_SFTPNAME_free would crash afterwards
---
 src/wolfsftp.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/wolfsftp.c b/src/wolfsftp.c
index 8c05779d7..e5b60b0e8 100644
--- a/src/wolfsftp.c
+++ b/src/wolfsftp.c
@@ -3152,12 +3152,14 @@ static int wolfSSH_SFTPNAME_readdir(WOLFSSH* ssh, WDIR* dir, WS_SFTPNAME* out,
 >= (int)sizeof(r)) {
 WLOG(WS_LOG_SFTP, "Path length too large");
 WFREE(out->fName, out->heap, DYNTYPE_SFTP);
+ out->fName = NULL;
 return WS_FATAL_ERROR;
 }
 if (wolfSSH_RealPath(ssh->sftpDefaultPath, r, s, sizeof(s)) < 0) {
 WLOG(WS_LOG_SFTP, "Error cleaning path to get attributes");
 WFREE(out->fName, out->heap, DYNTYPE_SFTP);
+ out->fName = NULL;
 return WS_FATAL_ERROR;
 }
 if (SFTP_GetAttributes(ssh->fs, s, &out->atrb, 0, ssh->ctx->heap)
@@ -3165,6 +3167,7 @@ static int wolfSSH_SFTPNAME_readdir(WOLFSSH* ssh, WDIR* dir, WS_SFTPNAME* out,
 WLOG(WS_LOG_SFTP, "Unable to get attribute values for %s", out->fName);
 WFREE(out->fName, out->heap, DYNTYPE_SFTP);
+ out->fName = NULL;
 return WS_FATAL_ERROR;
 }
 }
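Review bot: The new `dp->fname[0] == 0` test in the `f_readdir` condition (PATCH 1/2, `@@ -3130`) returns the same `WS_FATAL_ERROR` for the normal end of a directory as for a failed read, so a listing cut short by a FatFs error cannot be told apart from a complete one, either by the caller or in the log. The callers are not visible here, so it is only an assumption that they already treat this return value as the end-of-list signal. I would separate the two cases and log the failure: `if (f_readdir(dir, dp) != FR_OK) { WLOG(WS_LOG_SFTP, "f_readdir failed"); return WS_FATAL_ERROR; }` followed by `if (dp->fname[0] == 0) return WS_FATAL_ERROR; /* FatFs: FR_OK with an empty fname marks end of directory */`. The function body starts and ends outside the hunk.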
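Review bot: The free-then-reset sequence is now spelled out at every error exit (PATCH 2/2: after the path-length and `wolfSSH_RealPath` checks in `@@ -3152`, and again in the `@@ -3165` and `@@ -3173` hunks), so the next error return added to this function can bring the dangling `out->fName` back by leaving out one line. Judging by the log messages, these exits are reached on an over-long path or a failed attribute lookup, which is what makes the later crash in `wolfSSH_SFTPNAME_free` described in the commit message worth guarding structurally. A single exit label keeps the invariant in one place: each site does `goto fail;` and the label holds `WFREE(out->fName, out->heap, DYNTYPE_SFTP); out->fName = NULL; return WS_FATAL_ERROR;`. The function starts and ends outside these hunks, so any other early return after `fName` is allocated, and any other build variant of this function if the file has one, should be checked for the same pattern.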
@@ -3173,6 +3176,7 @@ static int wolfSSH_SFTPNAME_readdir(WOLFSSH* ssh, WDIR* dir, WS_SFTPNAME* out,
 if (SFTP_CreateLongName(out) != WS_SUCCESS) {
 WLOG(WS_LOG_DEBUG, "Error creating long name for %s", out->fName);
 WFREE(out->fName, out->heap, DYNTYPE_SFTP);
+ out->fName = NULL;
 return WS_FATAL_ERROR;
 }
 return WS_SUCCESS;