From: Anatol Belski <ab@php.net>
Date: Thu, 18 Sep 2014 20:02:04 +0000 (+0200)
Subject: zero sensitive data more secure way
X-Git-Tag: POST_NATIVE_TLS_MERGE^2~211
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2b77a57d884fab11dd54da0d78cb16a0496e76b4;p=php

zero sensitive data more secure way
---

diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 1a9acf5bd6..b2524a0767 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -211,7 +211,11 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
 				return NULL;
 			} else {
 				result = zend_string_init(output, strlen(output), 0);
+#ifdef PHP_WIN32
+				RtlSecureZeroMemory(output, PHP_MAX_SALT_LEN + 1);
+#else
 				memset(output, 0, PHP_MAX_SALT_LEN + 1);
+#endif
 				return result;
 			}
 		} else {