From 4f0b98dbb8effd7fe6aa7f23e6dcd36ff2f60f88 Mon Sep 17 00:00:00 2001
From: Andrew LeFevre <andrew.lefevre@goteleport.com>
Date: Wed, 30 Oct 2024 14:10:22 -0400
Subject: [PATCH] protect tracked files with mutex

---
 tool/teleport/common/sftp.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tool/teleport/common/sftp.go b/tool/teleport/common/sftp.go
index acf55a7deca59..3730c49b357d8 100644
--- a/tool/teleport/common/sftp.go
+++ b/tool/teleport/common/sftp.go
@@ -30,6 +30,7 @@ import (
 	"os/user"
 	"path"
 	"strings"
+	"sync"
 	"sync/atomic"
 	"time"
 
@@ -90,6 +91,7 @@ type allowedOps struct {
 type sftpHandler struct {
 	logger  *log.Entry
 	allowed *allowedOps
+	mtx     sync.Mutex
 	files   []*trackedFile
 	events  chan<- apievents.AuditEvent
 }
@@ -245,7 +247,9 @@ func (s *sftpHandler) openFile(req *sftp.Request) (sftp.WriterAtReaderAt, error)
 		return nil, err
 	}
 	trackFile := &trackedFile{file: f}
+	s.mtx.Lock()
 	s.files = append(s.files, trackFile)
+	s.mtx.Unlock()
 
 	return trackFile, nil
 }