diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2020-09-17 16:16:38 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-09-18 08:26:49 +0200 |
| commit | 3d8731c8f52cf1ed40bbabd319a3b732cdbcd3d2 (patch) | |
| tree | ac283c439fe84291a4a4f477b2ed25782de0cb77 /lib | |
| parent | 7921b41ce1b0d8bf8ebe42456116c6b2fece485d (diff) | |
| download | curl-3d8731c8f52cf1ed40bbabd319a3b732cdbcd3d2.tar.gz | |
ftp: avoid risk of reading uninitialized integers
If the received PASV response doesn't match the expected pattern, we
could end up reading uninitialized integers for IP address and port
number.
Issue pointed out by muse.dev
Closes #5972
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/ftp.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1860,8 +1860,8 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, else if((ftpc->count1 == 1) && (ftpcode == 227)) { /* positive PASV response */ - unsigned int ip[4]; - unsigned int port[2]; + unsigned int ip[4] = {0, 0, 0, 0}; + unsigned int port[2] = {0, 0}; /* * Scan for a sequence of six comma-separated numbers and use them as |