From 8d075b6e4dbf4599e7d26aa3f7043e81089ca078 Mon Sep 17 00:00:00 2001
From: Anatol Belski
Date: Sun, 14 Sep 2014 11:48:51 +0200
Subject: [PATCH] better way to zero away sensitive data memset could be optimized away by the compiler
---
 ext/standard/php_crypt_r.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
index 3098f247ef..4917ebce2f 100644
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -206,7 +206,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
 }
 /* Don't leave anything around in vm they could use. */
- memset(final, 0, sizeof(final));
+ RtlSecureZeroMemory(final, sizeof(final));
 /* Then something really weird... */
 for (i = pwl; i != 0; i >>= 1) {
@@ -288,7 +288,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
 *p = '\0';
- memset(final, 0, sizeof(final));
+ RtlSecureZeroMemory(final, sizeof(final));
 _destroyCtx1:
-- 
2.50.1
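Review bot: In the second hunk the `RtlSecureZeroMemory(final, sizeof(final));` call sits above the `_destroyCtx1:` label, so any failure path that jumps to that label or a later one would return with digest material still in `final`. The gotos are outside the hunk, so this is inferred, but placing the wipe in the cleanup code that every exit reaches would close the gap. `RtlSecureZeroMemory` is a Windows API, so both hunks assume this definition of `php_md5_crypt_r` is only compiled for Windows; that guard is not visible here and is worth confirming. The second call has no comment, and something like `/* secure wipe: a plain memset of a dead buffer may be optimized away */` would keep the reason next to the code. The function starts and ends outside both hunks.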