1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00

ftp: avoid risk of reading uninitialized integers

If the received PASV response doesn't match the expected pattern, we
could end up reading uninitialized integers for IP address and port
number.

Issue pointed out by muse.dev
Closes #5972
This commit is contained in:
Daniel Stenberg 2020-09-17 16:16:38 +02:00
parent 7921b41ce1
commit 3d8731c8f5
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -1860,8 +1860,8 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
else if((ftpc->count1 == 1) && else if((ftpc->count1 == 1) &&
(ftpcode == 227)) { (ftpcode == 227)) {
/* positive PASV response */ /* positive PASV response */
unsigned int ip[4]; unsigned int ip[4] = {0, 0, 0, 0};
unsigned int port[2]; unsigned int port[2] = {0, 0};
/* /*
* Scan for a sequence of six comma-separated numbers and use them as * Scan for a sequence of six comma-separated numbers and use them as