CocoaSecurity
Need to zero allocations before use.
Currently CS uses malloc() to allocate memory. This allocation is not zeroed and old data resides there. While most operations will succeed and overwrite the data, the best practice (especially in a security class) is to use calloc() instead to zero out the allocation before use.
malloc(1024) -> calloc(1024,1)
http://www.diffen.com/difference/Calloc_vs_Malloc#Security_considerations
http://stackoverflow.com/questions/8029584/why-does-malloc-initialize-the-values-to-0-in-gcc
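The difference the issue describes, as an added example that is not part of the original issue and is not CocoaSecurity code: a 1024-byte output buffer that is only partly written keeps old heap contents in its tail under malloc() and is guaranteed zero there under calloc(). The names `fill_output`, `make_output`, `stale_bytes`, `prime_heap` and `demo` are hypothetical, and the 0xAA "secret" and the input string are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define OUT_CAP 1024 /* buffer size from the issue: malloc(1024) */

/* Hypothetical stand-in for an encode/decrypt step: fills only the first n bytes. */
static size_t fill_output(uint8_t *out, const uint8_t *in, size_t in_len) {
    size_t n = in_len < OUT_CAP ? in_len : OUT_CAP;
    memcpy(out, in, n);
    return n;
}

/* zeroed == 0: pattern from the issue, bytes [n, OUT_CAP) keep old heap contents.
 * zeroed != 0: suggested change, calloc guarantees the unwritten tail is zero. */
uint8_t *make_output(const uint8_t *in, size_t in_len, size_t *n, int zeroed) {
    uint8_t *out = zeroed ? calloc(OUT_CAP, 1) : malloc(OUT_CAP);
    if (out) *n = fill_output(out, in, in_len);
    return out;
}

/* Count non-zero bytes in the part of the buffer that was never written. */
size_t stale_bytes(const uint8_t *buf, size_t written) {
    size_t count = 0;
    for (size_t i = written; i < OUT_CAP; i++) count += (buf[i] != 0);
    return count;
}

/* Leave constructed "secret" bytes in a freed chunk that a later allocation may reuse. */
void prime_heap(void) {
    volatile uint8_t *old = malloc(OUT_CAP);
    if (!old) return;
    for (size_t i = 0; i < OUT_CAP; i++) old[i] = 0xAA; /* volatile: store is not elided */
    free((void *)old);
}

size_t demo(int zeroed) {
    const uint8_t msg[] = "hello"; /* constructed sample input */
    size_t n = 0, stale = 0;
    prime_heap();
    uint8_t *out = make_output(msg, sizeof msg, &n, zeroed);
    if (out) stale = stale_bytes(out, n);
    free(out);
    return stale;
}

int main(void) {
    printf("malloc: %zu stale bytes (allocator and compiler dependent)\n", demo(0));
    printf("calloc: %zu stale bytes\n", demo(1));
}
```

The malloc() count varies by allocator and optimization level because the contents of uninitialized memory are indeterminate; the calloc() count is always 0.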