From db70a337ff79be773b82e00a7483f69727af25aa Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Wed, 29 Jul 2015 13:35:26 +0200
Subject: fix thread safety and zeroing method

---
 ext/standard/php_crypt_r.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ext/standard/php_crypt_r.c')

diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
index 39185a66c3..bb88e08027 100644
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -318,7 +318,7 @@ _destroyProv:
  */
 char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
 {
-	static char passwd[MD5_HASH_MAX_LEN], *p;
+	ZEND_TLS char passwd[MD5_HASH_MAX_LEN], *p;
 	const char *sp, *ep;
 	unsigned char final[16];
 	unsigned int i, sl, pwl;
@@ -418,7 +418,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
 	*p = '\0';
 
 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof(final));
+	ZEND_SECURE_ZERO(final, sizeof(final));
 	return (passwd);
 }
 
-- 
cgit v1.2.1