fix thread safety and zeroing method

author: Anatol Belski <ab@php.net> 2015-07-29 13:35:26 +0200
committer: Anatol Belski <ab@php.net> 2015-07-29 17:26:50 +0200
commit: db70a337ff79be773b82e00a7483f69727af25aa (patch)
tree: 1365f1837aaacdbdd6fcd4bf3b5166467f783309 /ext/standard/php_crypt_r.c
parent: 2aa9db5a229b60a3b5ad092ec5ec3f53c68bf1d0 (diff)
download: php-git-db70a337ff79be773b82e00a7483f69727af25aa.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
index 39185a66c3..bb88e08027 100644
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -318,7 +318,7 @@ _destroyProv:
  */
 char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
 {
-	static char passwd[MD5_HASH_MAX_LEN], *p;
+	ZEND_TLS char passwd[MD5_HASH_MAX_LEN], *p;
 	const char *sp, *ep;
 	unsigned char final[16];
 	unsigned int i, sl, pwl;
@@ -418,7 +418,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
 	*p = '\0';
 
 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof(final));
+	ZEND_SECURE_ZERO(final, sizeof(final));
 	return (passwd);
 }
author	Anatol Belski <ab@php.net>	2015-07-29 13:35:26 +0200
committer	Anatol Belski <ab@php.net>	2015-07-29 17:26:50 +0200
commit	db70a337ff79be773b82e00a7483f69727af25aa (patch)
tree	1365f1837aaacdbdd6fcd4bf3b5166467f783309 /ext/standard/php_crypt_r.c
parent	2aa9db5a229b60a3b5ad092ec5ec3f53c68bf1d0 (diff)
download	php-git-db70a337ff79be773b82e00a7483f69727af25aa.tar.gz