string: Made ssh_string_new() to zero-init payload on creation

Additional hardening patches for hybrid-mlkem related to the 3ce8bf32895002ae2ad02bb50d0e04b02b2a7314 fix

I submitted a similar patch via security@libssh.org, but it had already been accepted, so I dissected the hardening part and am posting it separately here.

Additional hardening related to 3ce8bf3289 fix that
switches ssh_string_new() to calloc() so the payload bytes
are zero-initialised. ssh_string is used throughout libssh as a
byte container for wire data and crypto material; the uninitialised
payload is never semantically meaningful, and zeroing it kills the
"forgot to check read_len" class of bugs at the source.
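As an added illustration of why zero-filling the payload matters (example code written for this page, not libssh's own ssh_string implementation): a hypothetical length-prefixed container is allocated with calloc(), a simulated short read fills only part of it, and a caller that never compares read_len with the expected size sees deterministic zeros instead of stale heap bytes.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a length-prefixed byte container.
 * size is the payload length, data the payload bytes. */
struct bytes {
    uint32_t size;
    unsigned char *data;
};

/* Hardened allocator: payload bytes are zero-initialised via calloc(). */
struct bytes *bytes_new_zeroed(uint32_t size) {
    struct bytes *s = calloc(1, sizeof(*s));
    if (s == NULL) return NULL;
    s->data = calloc(size ? size : 1, 1);   /* every payload byte starts at 0 */
    if (s->data == NULL) { free(s); return NULL; }
    s->size = size;
    return s;
}

void bytes_free(struct bytes *s) {
    if (s == NULL) return;
    free(s->data);
    free(s);
}

/* Simulated reader: copies at most `avail` wire bytes into a container
 * sized for `expected` bytes and reports how many were actually copied. */
struct bytes *read_short(const unsigned char *wire, uint32_t avail,
                         uint32_t expected, uint32_t *read_len) {
    struct bytes *s = bytes_new_zeroed(expected);
    if (s == NULL) return NULL;
    uint32_t n = avail < expected ? avail : expected;
    memcpy(s->data, wire, n);
    *read_len = n;
    return s;
}

/* True when every byte past read_len is 0, i.e. an unchecked short read
 * exposes nothing but zeros. With calloc() this always holds. */
int tail_is_zero(const struct bytes *s, uint32_t read_len) {
    for (uint32_t i = read_len; i < s->size; i++)
        if (s->data[i] != 0) return 0;
    return 1;
}

/* Scenario: 3 constructed wire bytes arrive for an 8-byte field and the
 * caller forgets to check read_len. Returns 1 if the tail is all zero. */
int demo_unchecked_short_read(void) {
    const unsigned char wire[] = {0xAA, 0xBB, 0xCC};   /* constructed input */
    uint32_t read_len = 0;
    struct bytes *s = read_short(wire, sizeof(wire), 8, &read_len);
    if (s == NULL) return -1;
    int ok = (read_len == 3) && (s->data[0] == 0xAA) && tail_is_zero(s, read_len);
    bytes_free(s);
    return ok;
}
```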

Checklist

  • Commits have Signed-off-by: with name/author being identical to the commit author
  • Code modified for feature
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTING.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code
Edited by david-cermak
