From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 17 Aug 2021 07:50:02 +0000 (+0200)
Subject: getparameter: fix the --local-port number parser
X-Git-Tag: curl-7_79_0~98
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5ceb83ff6cbed58b002a02ad306cf89bc0758ae3;p=thirdparty%2Fcurl.git

getparameter: fix the --local-port number parser

It could previously get tricked into parsing the uninitialized stack
based buffer.

Reported-by: Brian Carpenter
Closes #7582
---

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 641cca2e47..00e9542b3b 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1006,8 +1006,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
         config->ftp_filemethod = ftpfilemethod(config, nextarg);
         break;
       case 's': { /* --local-port */
-        char lrange[7];  /* 16bit base 10 is 5 digits, but we allow 6 so that
-                            this catches overflows, not just truncates */
+        /* 16bit base 10 is 5 digits, but we allow 6 so that this catches
+           overflows, not just truncates */
+        char lrange[7]="";
         char *p = nextarg;
         while(ISDIGIT(*p))
           p++;