fix thread safety and zeroing method

author Anatol Belski <ab@php.net>

Wed, 29 Jul 2015 11:35:26 +0000 (13:35 +0200)

committer Anatol Belski <ab@php.net>

Wed, 29 Jul 2015 15:26:50 +0000 (17:26 +0200)
author Anatol Belski <ab@php.net>
Wed, 29 Jul 2015 11:35:26 +0000 (13:35 +0200)
committer Anatol Belski <ab@php.net>
Wed, 29 Jul 2015 15:26:50 +0000 (17:26 +0200)
diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c

index 39185a66c356b1f47713d5bf7312635794efc22f..bb88e0802771d0ca3aaa7b0c3dc554e86a059266 100644 (file)
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -318,7 +318,7 @@ _destroyProv:
   */
  char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
  {
-       static char passwd[MD5_HASH_MAX_LEN], *p;
+       ZEND_TLS char passwd[MD5_HASH_MAX_LEN], *p;
         const char *sp, *ep;
         unsigned char final[16];
         unsigned int i, sl, pwl;
@@ -418,7 +418,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
         *p = '\0';
  
         /* Don't leave anything around in vm they could use. */
-       memset(final, 0, sizeof(final));
+       ZEND_SECURE_ZERO(final, sizeof(final));
         return (passwd);
  }
author	Anatol Belski <ab@php.net>
	Wed, 29 Jul 2015 11:35:26 +0000 (13:35 +0200)
committer	Anatol Belski <ab@php.net>
	Wed, 29 Jul 2015 15:26:50 +0000 (17:26 +0200)