import explicit_bzero + strlc* functions update

since 1999 algorithms have changed and register k/w
not necessary anymore.

1 files changed, 4 insertions, 4 deletions

diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index f2f778e764..99af6fb006 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -129,12 +129,12 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
 
 			crypt_res = php_sha512_crypt_r(password, salt, output, PHP_MAX_SALT_LEN);
 			if (!crypt_res) {
-				memset(output, 0, PHP_MAX_SALT_LEN);
+				explicit_bzero(output, PHP_MAX_SALT_LEN);
 				efree(output);
 				return NULL;
 			} else {
 				result = zend_string_init(output, strlen(output), 0);
-				memset(output, 0, PHP_MAX_SALT_LEN);
+				explicit_bzero(output, PHP_MAX_SALT_LEN);
 				efree(output);
 				return result;
 			}
@@ -144,12 +144,12 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
 
 			crypt_res = php_sha256_crypt_r(password, salt, output, PHP_MAX_SALT_LEN);
 			if (!crypt_res) {
-				memset(output, 0, PHP_MAX_SALT_LEN);
+				explicit_bzero(output, PHP_MAX_SALT_LEN);
 				efree(output);
 				return NULL;
 			} else {
 				result = zend_string_init(output, strlen(output), 0);
-				memset(output, 0, PHP_MAX_SALT_LEN);
+				explicit_bzero(output, PHP_MAX_SALT_LEN);
 				efree(output);
 				return result;
 			}