diff options
author | Daniel Stenberg <daniel@haxx.se> | 2021-08-17 09:50:02 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-08-17 10:58:22 +0200 |
commit | 5ceb83ff6cbed58b002a02ad306cf89bc0758ae3 (patch) | |
tree | fb8743cd9aee1d0d6f298ae0584c24cfa696cfac | |
parent | 04f46a2a1a99187a389ed836fba406bae4e1bcc9 (diff) | |
download | curl-5ceb83ff6cbed58b002a02ad306cf89bc0758ae3.tar.gz |
getparameter: fix the --local-port number parser
It could previously get tricked into parsing the uninitialized stack
based buffer.
Reported-by: Brian Carpenter
Closes #7582
-rw-r--r-- | src/tool_getparam.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/tool_getparam.c b/src/tool_getparam.c index 641cca2e4..00e9542b3 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -1006,8 +1006,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ config->ftp_filemethod = ftpfilemethod(config, nextarg); break; case 's': { /* --local-port */ - char lrange[7]; /* 16bit base 10 is 5 digits, but we allow 6 so that - this catches overflows, not just truncates */ + /* 16bit base 10 is 5 digits, but we allow 6 so that this catches + overflows, not just truncates */ + char lrange[7]=""; char *p = nextarg; while(ISDIGIT(*p)) p++; |