From: Jan Grulich <jgrulich@redhat.com>
Date: Tue, 25 May 2021 12:18:48 +0000 (+0200)
Subject: CharArray: pre-fill empty array with zeroes
X-Git-Tag: v1.11.90~42
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=ba837fd283adbf462137be97ed6a1970a6c37b67;p=tigervnc.git

CharArray: pre-fill empty array with zeroes

CharArray should always be null-terminated. There is a potential
scenario where this all might lead to crash. In Password we call
memset(), passing length of the array we get with strlen(), but
this won't return correct value when the array is not properly
null-terminated.
---

diff --git a/common/rfb/util.h b/common/rfb/util.h
index 3100f90f..eac72dd0 100644
--- a/common/rfb/util.h
+++ b/common/rfb/util.h
@@ -52,6 +52,7 @@ namespace rfb {
     CharArray(char* str) : buf(str) {} // note: assumes ownership
     CharArray(size_t len) {
       buf = new char[len]();
+      memset(buf, 0, len);
     }
     ~CharArray() {
       delete [] buf;