From: Anatol Belski <ab@php.net>
Date: Sun, 14 Sep 2014 09:48:51 +0000 (+0200)
Subject: better way to zero away sensitive data
X-Git-Tag: PRE_NATIVE_TLS_MERGE~158^2~85^2~53
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8d075b6e4dbf4599e7d26aa3f7043e81089ca078;p=php

better way to zero away sensitive data

memset could be optimized away by the compiler
---

diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
index 3098f247ef..4917ebce2f 100644
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -206,7 +206,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
 	}
 
 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof(final));
+	RtlSecureZeroMemory(final, sizeof(final));
 
 	/* Then something really weird... */
 	for (i = pwl; i != 0; i >>= 1) {
@@ -288,7 +288,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
 
 	*p = '\0';
 
-	memset(final, 0, sizeof(final));
+	RtlSecureZeroMemory(final, sizeof(final));
 
 
 _destroyCtx1: