mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-12-15 06:40:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

getparameter: fix the --local-port number parser

Browse Source 
It could previously get tricked into parsing the uninitialized stack
based buffer.

Reported-by: Brian Carpenter
Closes #7582
This commit is contained in:
Daniel Stenberg 2021-08-17 09:50:02 +02:00
parent 04f46a2a1a
commit 5ceb83ff6c
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/tool_getparam.c
View File

@ -1006,8 +1006,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
config->ftp_filemethod = ftpfilemethod(config, nextarg);
break;
case 's': { /* --local-port */
char lrange[7]; /* 16bit base 10 is 5 digits, but we allow 6 so that
this catches overflows, not just truncates */
/* 16bit base 10 is 5 digits, but we allow 6 so that this catches
overflows, not just truncates */
char lrange[7]="";
char *p = nextarg;
while(ISDIGIT(*p))
p++;