getparameter: fix the --local-port number parser

It could previously get tricked into parsing the uninitialized stack
based buffer.

Reported-by: Brian Carpenter
Closes #7582

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 641cca2e4752d4cec3cf7a244ee43da3ba156a1f..00e9542b3b78455ec922f54992eea18487f01637 100644 (file)
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1006,8 +1006,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
         config->ftp_filemethod = ftpfilemethod(config, nextarg);
         break;
       case 's': { /* --local-port */
-        char lrange[7];  /* 16bit base 10 is 5 digits, but we allow 6 so that
-                            this catches overflows, not just truncates */
+        /* 16bit base 10 is 5 digits, but we allow 6 so that this catches
+           overflows, not just truncates */
+        char lrange[7]="";
         char *p = nextarg;
         while(ISDIGIT(*p))
           p++;