author | Anatol Belski <ab@php.net> | 2014-09-18 22:13:30 +0200 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2014-09-19 00:06:37 +0200 |
commit | bb89ac8408d6139feef9aa318b69e4ac5ee31106 (patch) | |
tree | 3270e0f3353bd89871eb13dbf19f6aa05ecf1025 | |
parent | 732c49b433513860073c9b12658e807db97c051b (diff) | |
download | php-git-bb89ac8408d6139feef9aa318b69e4ac5ee31106.tar.gz |
zero sensitive data more secure way
-rw-r--r-- | ext/standard/crypt_sha512.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/ext/standard/crypt_sha512.c b/ext/standard/crypt_sha512.c
index 0f696f5cd3..0b6c338d61 100644
--- a/ext/standard/crypt_sha512.c
+++ b/ext/standard/crypt_sha512.c
@@ -619,6 +619,19 @@ php_sha512_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
 inside the SHA512 implementation as well. */
 sha512_init_ctx(&ctx);
 sha512_finish_ctx(&ctx, alt_result);
+#ifdef PHP_WIN32
+ RtlSecureZeroMemory(temp_result, sizeof(temp_result));
+ RtlSecureZeroMemory(p_bytes, key_len);
+ RtlSecureZeroMemory(s_bytes, salt_len);
+ RtlSecureZeroMemory(&ctx, sizeof(ctx));
+ RtlSecureZeroMemory(&alt_ctx, sizeof(alt_ctx));
+ if (copied_key != NULL) {
+ RtlSecureZeroMemory(copied_key, key_len);
+ }
+ if (copied_salt != NULL) {
+ RtlSecureZeroMemory(copied_salt, salt_len);
+ }
+#else
 memset(temp_result, '\0', sizeof(temp_result));
 memset(p_bytes, '\0', key_len);
 memset(s_bytes, '\0', salt_len);
@@ -630,6 +643,7 @@ php_sha512_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
 if (copied_salt != NULL) {
 memset(copied_salt, '\0', salt_len);
 }
+#endif
 return buffer;
 } |
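Review bot: The `#else` branch still clears `temp_result`, `p_bytes`, `s_bytes`, `ctx` and `alt_ctx` with plain `memset`, which a compiler may remove as dead stores when the objects are not read again before `return buffer;`, so the hardening added here only takes effect under `PHP_WIN32`. On other platforms the wipe should go through a call the optimizer cannot elide, for example `explicit_bzero(temp_result, sizeof(temp_result));` where the libc provides it, with a fallback that writes through a `volatile unsigned char *`. Putting that choice behind one file-local wipe helper would also remove the two duplicated buffer lists, which can otherwise drift apart when a buffer is added to one branch only; the second hunk merely closes the block with `#endif`. The declarations of these buffers and the start of `php_sha512_crypt_r` are outside the hunk, so whether every early-return path also reaches this cleanup cannot be confirmed from here.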