CVE-2020-16135: Add missing NULL check for ssh_buffer_new()

Add a missing NULL check for the pointer returned by ssh_buffer_new() in
sftpserver.c.

Thanks to Ramin Farajpour Cami for spotting this.

Fixes T232

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)