From ba837fd283adbf462137be97ed6a1970a6c37b67 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Tue, 25 May 2021 14:18:48 +0200
Subject: [PATCH] CharArray: pre-fill empty array with zeroes

CharArray should always be null-terminated. There is a potential
scenario where this all might lead to crash. In Password we call
memset(), passing length of the array we get with strlen(), but
this won't return correct value when the array is not properly
null-terminated.
---
 common/rfb/util.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/common/rfb/util.h b/common/rfb/util.h
index 3100f90f..eac72dd0 100644
--- a/common/rfb/util.h
+++ b/common/rfb/util.h
@@ -52,6 +52,7 @@ namespace rfb {
     CharArray(char* str) : buf(str) {} // note: assumes ownership
     CharArray(size_t len) {
       buf = new char[len]();
+      memset(buf, 0, len);
     }
     ~CharArray() {
       delete [] buf;
-- 
2.39.5