Swoopy is precisely correct. Depending on the results of the encryption, calling strlen would do one of three things:
(1) You would get "lucky" and get the correct length.
(2) A zero in the middle of the string would fool strlen into thinking there were less characters.
(3) Strlen cruises straight past the array bounds and possibly raises an exception/crashes the computer!
So store the length of the first function parameter somewhere and consider the resultant "encrypted" array as "non-text", never invoking string-based functions upon it.
Two more suggestions: there is no need to allocate for the char in main like so. Just leave it be. Second, you call strlen in your function EVERY iteration of the loop, making it inefficient, especially if you are processing large chunks of memory.
Overall, I like your style, though. Good work.
char* XOREncrypt(const char* Text, const char* Key)
long CurIndex = 0, KeyIndex = 0, TextLen = strlen(Text), KeyLen = strlen(Key);
char *Out = new char[TextLen + 1];
for(CurIndex = 0; CurIndex < TextLen; CurIndex++)
Out[CurIndex] = Text[CurIndex] ^ Key[KeyIndex];
if(KeyIndex == KeyLen)
KeyIndex = 0;
Out[CurIndex] = 0; /*...null-term, so you can safely call string funcs (strlen, etc...)!
But remember - even so, that may not function as expected...*/
char Text = "testing", Key = "xSquared";
char* Encrypted = XOREncrypt(Text,Key);
printf("%s XOR %s = %s", Text, Key, Encrypted);
printf("Unreliable length: %i", strlen(Encrypted));