fix thread safety and zeroing method

weltling · weltling · commit db70a337ff79 · 2015-07-29T17:26:50.000+02:00
diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
@@ -318,7 +318,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
  */
 char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
 {
-	static char passwd[MD5_HASH_MAX_LEN], *p;
+	ZEND_TLS char passwd[MD5_HASH_MAX_LEN], *p;
 	const char *sp, *ep;
 	unsigned char final[16];
 	unsigned int i, sl, pwl;
@@ -418,7 +418,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
 	*p = '\0';
 
 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof(final));
+	ZEND_SECURE_ZERO(final, sizeof(final));
 	return (passwd);
 }
 
