diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2020-09-17 16:16:38 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-09-17 16:16:38 +0200 |
| commit | a6ffd246ec843c6c18f793173c1d1046e57cfe80 (patch) | |
| tree | fea970d03ab93ec8033d46712c391f2386b32398 | |
| parent | cd048aaa2838d6dbf54e19a2cdc4552ae227bf27 (diff) | |
| download | curl-bagder/ftp-uninit-value.tar.gz | |
ftp: avoid risk of reading uninitialized integersbagder/ftp-uninit-value
If the received PASV response doesn't match the expected pattern, we
could end up reading uninitialized integers for IP address and port
number.
Issue pointed out by muse.dev
| -rw-r--r-- | lib/ftp.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1864,8 +1864,8 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, else if((ftpc->count1 == 1) && (ftpcode == 227)) { /* positive PASV response */ - unsigned int ip[4]; - unsigned int port[2]; + unsigned int ip[4] = {0, 0, 0, 0}; + unsigned int port[2] = {0, 0}; /* * Scan for a sequence of six comma-separated numbers and use them as |