2 files changed, 9 insertions, 0 deletions

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 925beb3529..63276146aa 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2678,6 +2678,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   if (destlen > SIZE_T_CEILING)
     return -1;
 
+  memset(dest, 0, destlen);
+
   EVP_DecodeInit(&ctx);
   EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len,
                    (unsigned char*)src, srclen);
@@ -2699,6 +2701,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   if (destlen > SIZE_T_CEILING)
     return -1;
 
+  memset(dest, 0, destlen);
+
   /* Iterate over all the bytes in src.  Each one will add 0 or 6 bits to the
    * value we're decoding.  Accumulate bits in <b>n</b>, and whenever we have
    * 24 bits, batch them into 3 bytes and flush those bytes to dest.
@@ -2878,6 +2882,8 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   tor_assert((nbits/8) <= destlen); /* We need enough space. */
   tor_assert(destlen < SIZE_T_CEILING);
 
+  memset(dest, 0, destlen);
+
   /* Convert base32 encoded chars to the 5-bit values that they represent. */
   tmp = tor_malloc_zero(srclen);
   for (j = 0; j < srclen; ++j) {
diff --git a/src/common/util.c b/src/common/util.c
index 5eb0f9a69b..036fd2542c 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1076,6 +1076,9 @@ base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
     return -1;
   if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
     return -1;
+
+  memset(dest, 0, destlen);
+
   end = src+srclen;
   while (src<end) {
     v1 = hex_decode_digit_(*src);