From d94a96bf23a982e6047cf5c128804b014e1f92eb Mon Sep 17 00:00:00 2001 From: David Cermak Date: Tue, 5 May 2026 07:14:20 +0200 Subject: [PATCH] string: Made ssh_string_new() zero-init payload on creation Additional hardening related to the 3ce8bf3289 fix that switches ssh_string_new() to calloc() so the payload bytes are zero-initialised. ssh_string is used throughout libssh as a byte container for wire data and crypto material; the uninitialised payload is never semantically meaningful, and zeroing it kills the "forgot to check read_len" class of bugs at the source. Signed-off-by: David Cermak Reviewed-by: Jakub Jelen Merge-Request: --- src/string.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/string.c b/src/string.c index e78737b3..ba9283b2 100644 --- a/src/string.c +++ b/src/string.c @@ -62,13 +62,12 @@ struct ssh_string_struct *ssh_string_new(size_t size) return NULL; } - str = malloc(sizeof(struct ssh_string_struct) + size); + str = calloc(1, sizeof(struct ssh_string_struct) + size); if (str == NULL) { return NULL; } str->size = htonl((uint32_t)size); - str->data[0] = 0; return str; }
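Review bot: the calloc(1, sizeof(struct ssh_string_struct) + size) form passes the whole sum as the element size, so calloc's own multiplication-overflow check contributes nothing here; correctness of the addition still rests entirely on the size guard that precedes the hunk (the `return NULL;` context line above `str = calloc(...)`), so please confirm that guard rejects any size for which the addition could wrap, otherwise the zero-fill covers a too-small block. Two smaller points: the new behaviour (payload guaranteed zeroed) is an API contract callers will start relying on, so the doc comment for ssh_string_new() should state it; and the commit message's claim that zeroing "kills the forgot-to-check-read_len class of bugs at the source" is stronger than what the change delivers. Zero-fill stops stale heap contents from being sent on the wire or used as key material, which is the real win, but a caller that ignores a short read_len still processes a buffer of zeros as if it were valid data, so the read_len checks remain necessary; I would reword that sentence to say it removes the information-disclosure consequence rather than the bug class. Also note the cost is proportional to size on every allocation, which is fine for protocol-sized strings but worth a line in the message given ssh_string carries packet payloads.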