Browse Source

ftp: avoid risk of reading uninitialized integers

If the received PASV response doesn't match the expected pattern, we
could end up reading uninitialized integers for IP address and port
number.

Issue pointed out by muse.dev
Closes #5972
Daniel Stenberg 3 years ago
parent
commit
3d8731c8f5
1 changed files with 2 additions and 2 deletions
  1. 2 2
      lib/ftp.c

+ 2 - 2
lib/ftp.c

@@ -1860,8 +1860,8 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
   else if((ftpc->count1 == 1) &&
           (ftpcode == 227)) {
     /* positive PASV response */
-    unsigned int ip[4];
-    unsigned int port[2];
+    unsigned int ip[4] = {0, 0, 0, 0};
+    unsigned int port[2] = {0, 0};
 
     /*
      * Scan for a sequence of six comma-separated numbers and use them as