From 5ceb83ff6cbed58b002a02ad306cf89bc0758ae3 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Tue, 17 Aug 2021 09:50:02 +0200
Subject: [PATCH] getparameter: fix the --local-port number parser

It could previously get tricked into parsing the uninitialized stack based buffer.

Reported-by: Brian Carpenter
Closes #7582
---
 src/tool_getparam.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 641cca2e47..00e9542b3b 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1006,8 +1006,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
 config->ftp_filemethod = ftpfilemethod(config, nextarg);
 break;
 case 's': { /* --local-port */
- char lrange[7]; /* 16bit base 10 is 5 digits, but we allow 6 so that
- this catches overflows, not just truncates */
+ /* 16bit base 10 is 5 digits, but we allow 6 so that this catches
+ overflows, not just truncates */
+ char lrange[7]="";
 char *p = nextarg;
 while(ISDIGIT(*p))
 p++;
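Review bot: The `char lrange[7]="";` initializer makes the later read defined, but the hunk does not show whether the code that fills and then parses `lrange` treats an unfilled (now empty) buffer as an error, so the fix appears to rely on the number parser rejecting `""`. I would check the result of the scan that writes `lrange` explicitly and return a `ParameterError` when it did not store a range, rather than depend on the initial value. The comment above the declaration explains the size but not the initializer; something like `/* start empty so a failed range scan never leaves stack garbage to parse */` would keep a later cleanup from dropping it. The diffstat shows only src/tool_getparam.c changed, so a regression test for a malformed `--local-port` value is worth adding. The `case 's'` block and getparameter itself continue outside this hunk.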