getparameter: fix the --local-port number parser

It could previously get tricked into parsing the uninitialized stack based buffer. Reported-by: Brian Carpenter Closes #7582
author: Daniel Stenberg <daniel@haxx.se> 2021-08-17 09:50:02 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2021-08-17 10:58:22 +0200
commit: 5ceb83ff6cbed58b002a02ad306cf89bc0758ae3 (patch)
tree: fb8743cd9aee1d0d6f298ae0584c24cfa696cfac
parent: 04f46a2a1a99187a389ed836fba406bae4e1bcc9 (diff)
download: curl-5ceb83ff6cbed58b002a02ad306cf89bc0758ae3.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 641cca2e4..00e9542b3 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1006,8 +1006,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
         config->ftp_filemethod = ftpfilemethod(config, nextarg);
         break;
       case 's': { /* --local-port */
-        char lrange[7];  /* 16bit base 10 is 5 digits, but we allow 6 so that
-                            this catches overflows, not just truncates */
+        /* 16bit base 10 is 5 digits, but we allow 6 so that this catches
+           overflows, not just truncates */
+        char lrange[7]="";
         char *p = nextarg;
         while(ISDIGIT(*p))
           p++;
author	Daniel Stenberg <daniel@haxx.se>	2021-08-17 09:50:02 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2021-08-17 10:58:22 +0200
commit	5ceb83ff6cbed58b002a02ad306cf89bc0758ae3 (patch)
tree	fb8743cd9aee1d0d6f298ae0584c24cfa696cfac
parent	04f46a2a1a99187a389ed836fba406bae4e1bcc9 (diff)
download	curl-5ceb83ff6cbed58b002a02ad306cf89bc0758ae3.tar.gz