| author | Anatol Belski <ab@php.net> | 2014-09-18 22:18:27 +0200 |
|---|---|---|
| committer | Anatol Belski <ab@php.net> | 2014-09-19 00:06:38 +0200 |
| commit | 4722d85c1ea3d8dfb9852f1f5cbb7310543e0779 (patch) | |
| tree | c6ef0fe9f8e7e5ebf5869957dc96b2a87d0e0620 | |
| parent | bb89ac8408d6139feef9aa318b69e4ac5ee31106 (diff) | |
| download | php-git-4722d85c1ea3d8dfb9852f1f5cbb7310543e0779.tar.gz | |
zero sensitive data more secure way
| -rw-r--r-- | ext/standard/crypt_sha256.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/ext/standard/crypt_sha256.c b/ext/standard/crypt_sha256.c index e53f488805..bf07eaa320 100644 --- a/ext/standard/crypt_sha256.c +++ b/ext/standard/crypt_sha256.c @@ -571,6 +571,20 @@ char * php_sha256_crypt_r(const char *key, const char *salt, char *buffer, int b inside the SHA256 implementation as well. */ sha256_init_ctx(&ctx); sha256_finish_ctx(&ctx, alt_result); +#ifdef PHP_WIN32 + RtlSecureZeroMemory(temp_result, sizeof(temp_result)); + RtlSecureZeroMemory(p_bytes, key_len); + RtlSecureZeroMemory(s_bytes, salt_len); + RtlSecureZeroMemory(&ctx, sizeof(ctx)); + RtlSecureZeroMemory(&alt_ctx, sizeof(alt_ctx)); + + if (copied_key != NULL) { + RtlSecureZeroMemory(copied_key, key_len); + } + if (copied_salt != NULL) { + RtlSecureZeroMemory(copied_salt, salt_len); + } +#else memset(temp_result, '\0', sizeof(temp_result)); memset(p_bytes, '\0', key_len); memset(s_bytes, '\0', salt_len); @@ -579,11 +593,11 @@ char * php_sha256_crypt_r(const char *key, const char *salt, char *buffer, int b if (copied_key != NULL) { memset(copied_key, '\0', key_len); - } if (copied_salt != NULL) { memset(copied_salt, '\0', salt_len); } +#endif return buffer; } |
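Review bot: The `#else` branch of the first hunk, which runs on into the second hunk, still wipes `temp_result`, `p_bytes`, `s_bytes`, `ctx`, `alt_ctx` and the copied key/salt with plain `memset`, so only PHP_WIN32 builds get a wipe the compiler must keep. Nothing visible reads those objects again before `return buffer;`, so an optimising compiler may treat the stores as dead and drop them, at least for what look like the locals (`temp_result`, `ctx`, `alt_ctx`). Sending both platforms through one helper would close that gap and remove the duplicated block, which now has to be kept in sync by hand. The sketch below uses a volatile-store fallback with proposed helper names that do not exist in the tree; `explicit_bzero` could replace the loop where the platform provides it. php_sha256_crypt_r begins outside the hunk, so the helper would sit above it at file scope.

```c
/* proposed file-scope helper, placed above php_sha256_crypt_r */
#ifdef PHP_WIN32
# define SHA256_SECURE_ZERO(p, n) RtlSecureZeroMemory((p), (n))
#else
static void sha256_secure_zero(void *p, size_t n)
{
	/* volatile stores cannot be removed as dead by the optimiser */
	volatile unsigned char *vp = (volatile unsigned char *) p;

	while (n--) {
		*vp++ = 0;
	}
}
# define SHA256_SECURE_ZERO(p, n) sha256_secure_zero((p), (n))
#endif

	/* … unchanged: sha256_init_ctx / sha256_finish_ctx … */
	SHA256_SECURE_ZERO(temp_result, sizeof(temp_result));
	SHA256_SECURE_ZERO(p_bytes, key_len);
	SHA256_SECURE_ZERO(s_bytes, salt_len);
	SHA256_SECURE_ZERO(&ctx, sizeof(ctx));
	SHA256_SECURE_ZERO(&alt_ctx, sizeof(alt_ctx));

	if (copied_key != NULL) {
		SHA256_SECURE_ZERO(copied_key, key_len);
	}
	if (copied_salt != NULL) {
		SHA256_SECURE_ZERO(copied_salt, salt_len);
	}
	/* … unchanged: return buffer … */
```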
