From 588db7cecf6cf8b351de0fecdfc7de70f54bf1b1 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sat, 6 Apr 2019 18:15:42 -0700
Subject: Always use ZEND_SECURE_ZERO() when cleaning up data

Optimizing compilers have an annoying tendency to throw out
memsets over data that they think aren't used anymore. Apply secure
zero-out in cases where this has potential to happen.
---
 ext/hash/hash_sha3.c       | 2 +-
 ext/hash/hash_snefru.c     | 2 +-
 ext/mcrypt/mcrypt.c        | 2 ++
 ext/standard/php_crypt_r.c | 2 +-
 ext/standard/sha1.c        | 4 ++--
 5 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/ext/hash/hash_sha3.c b/ext/hash/hash_sha3.c
index 3866854e15..472cd9a2b1 100644
--- a/ext/hash/hash_sha3.c
+++ b/ext/hash/hash_sha3.c
@@ -191,7 +191,7 @@ static void PHP_SHA3_Final(unsigned char* digest,
 	}
 
 	// Zero out context
-	memset(ctx, 0, sizeof(PHP_SHA3_CTX));
+	ZEND_SECURE_ZERO(ctx, sizeof(PHP_SHA3_CTX));
 }
 
 // ==========================================================================
diff --git a/ext/hash/hash_snefru.c b/ext/hash/hash_snefru.c
index 931c31850c..c36d2791d4 100644
--- a/ext/hash/hash_snefru.c
+++ b/ext/hash/hash_snefru.c
@@ -129,7 +129,7 @@ static inline void SnefruTransform(PHP_SNEFRU_CTX *context, const unsigned char
 								((input[i+2] & 0xff) << 8) | (input[i+3] & 0xff);
 	}
 	Snefru(context->state);
-	memset(&context->state[8], 0, sizeof(uint32_t) * 8);
+	ZEND_SECURE_ZERO(&context->state[8], sizeof(uint32_t) * 8);
 }
 
 PHP_HASH_API void PHP_SNEFRUInit(PHP_SNEFRU_CTX *context)
diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index 94a5c45e9d..e38b9c55aa 100644
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -605,6 +605,8 @@ PHP_FUNCTION(mcrypt_generic_init)
 	}
 	RETVAL_LONG(result);
 
+	ZEND_SECURE_ZERO(key_s, key_len);
+	ZEND_SECURE_ZERO(iv_s, iv_len);
 	efree(iv_s);
 	efree(key_s);
 }
diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
index f8c1843f85..a3b348ca3d 100644
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -364,7 +364,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
 		PHP_MD5Update(&ctx, final, (unsigned int)(pl > 16 ? 16 : pl));
 
 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof(final));
+	ZEND_SECURE_ZERO(final, sizeof(final));
 
 	/* Then something really weird... */
 	for (i = pwl; i != 0; i >>= 1)
diff --git a/ext/standard/sha1.c b/ext/standard/sha1.c
index 392523d2cc..7571875415 100644
--- a/ext/standard/sha1.c
+++ b/ext/standard/sha1.c
@@ -245,7 +245,7 @@ PHPAPI void PHP_SHA1Final(unsigned char digest[20], PHP_SHA1_CTX * context)
 
 	/* Zeroize sensitive information.
 	 */
-	memset((unsigned char*) context, 0, sizeof(*context));
+	ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -356,7 +356,7 @@ const unsigned char block[64];
 	state[4] += e;
 
 	/* Zeroize sensitive information. */
-	memset((unsigned char*) x, 0, sizeof(x));
+	ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 }
 /* }}} */
 
-- 
cgit v1.2.1