diff options
| author | Anatol Belski <ab@php.net> | 2014-09-14 11:48:51 +0200 |
|---|---|---|
| committer | Anatol Belski <ab@php.net> | 2014-09-14 11:48:51 +0200 |
| commit | 8d075b6e4dbf4599e7d26aa3f7043e81089ca078 (patch) | |
| tree | 39a46d7f6f0c126b2d43dd724914a78f6e941822 /ext/standard/php_crypt_r.c | |
| parent | 041302a8f7c6162116bf30019c5eeeb9dafd26b2 (diff) | |
| download | php-git-8d075b6e4dbf4599e7d26aa3f7043e81089ca078.tar.gz | |
better way to zero away sensitive data
memset could be optimized away by the compiler
Diffstat (limited to 'ext/standard/php_crypt_r.c')
| -rw-r--r-- | ext/standard/php_crypt_r.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c index 3098f247ef..4917ebce2f 100644 --- a/ext/standard/php_crypt_r.c +++ b/ext/standard/php_crypt_r.c @@ -206,7 +206,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) { } /* Don't leave anything around in vm they could use. */ - memset(final, 0, sizeof(final)); + RtlSecureZeroMemory(final, sizeof(final)); /* Then something really weird... */ for (i = pwl; i != 0; i >>= 1) { @@ -288,7 +288,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) { *p = '\0'; - memset(final, 0, sizeof(final)); + RtlSecureZeroMemory(final, sizeof(final)); _destroyCtx1: |