From 1e7988cb0d8dae32148b04dd93e919a770599f30 Mon Sep 17 00:00:00 2001
From: Marc Hoersken <info@marc-hoersken.de>
Date: Mon, 23 Mar 2015 23:04:24 +0100
Subject: [PATCH] scp.c: fix that scp_recv may transmit not initialised memory

---
 src/scp.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/scp.c b/src/scp.c
index d73b6391f3..a36993910f 100644
--- a/src/scp.c
+++ b/src/scp.c
@@ -299,10 +299,17 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb)
 
         cmd_len = strlen((char *)session->scpRecv_command);
 
+        memset(&session->scpRecv_command[cmd_len], 0,
+               session->scpRecv_command_len - cmd_len);
+
         (void) shell_quotearg(path,
                               &session->scpRecv_command[cmd_len],
                               session->scpRecv_command_len - cmd_len);
 
+        session->scpRecv_command[session->scpRecv_command_len - 1] = '\0';
+
+        session->scpRecv_command_len =
+            strlen((char *)session->scpRecv_command);
 
         _libssh2_debug(session, LIBSSH2_TRACE_SCP,
                        "Opening channel for SCP receive");