From de6e24d17eac26d9da7e20eef7a49b1f5334e578 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers3@gmail.com>
Date: Thu, 28 Aug 2014 02:06:39 -0500
Subject: [PATCH] win32_apply.c: set_short_name(): Zero buffer

---
 src/win32_apply.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/win32_apply.c b/src/win32_apply.c
index 133eeff2..987a4fa8 100644
--- a/src/win32_apply.c
+++ b/src/win32_apply.c
@@ -859,20 +859,22 @@ set_short_name(HANDLE h, const struct wim_dentry *dentry,
 	 * with the former case being removing the existing short name if
 	 * present, rather than setting one.
 	 *
-	 * FileName seemingly does not, however, need to be null-terminated in
-	 * any case.
+	 * The null terminator is seemingly optional, but to be safe we include
+	 * space for it and zero all unused space.
 	 */
 
 	size_t bufsize = offsetof(FILE_NAME_INFORMATION, FileName) +
-			 max(dentry->short_name_nbytes, 2 * sizeof(wchar_t));
+			 max(dentry->short_name_nbytes, sizeof(wchar_t)) +
+			 sizeof(wchar_t);
 	u8 buf[bufsize] _aligned_attribute(8);
 	FILE_NAME_INFORMATION *info = (FILE_NAME_INFORMATION *)buf;
 	NTSTATUS status;
 
+	memset(buf, 0, bufsize);
+
 	info->FileNameLength = dentry->short_name_nbytes;
 	memcpy(info->FileName, dentry->short_name, dentry->short_name_nbytes);
 
-
 retry:
 	status = (*func_NtSetInformationFile)(h, &ctx->iosb, info, bufsize,
 					      FileShortNameInformation);
-- 
2.43.0