Mark parameter in ext/zip as sensitive

TimWolla · TimWolla · commit ab639455b7b2 · 2022-06-06T21:36:53.000+02:00
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
@@ -26,6 +26,7 @@
 #include "ext/standard/php_string.h"
 #include "ext/pcre/php_pcre.h"
 #include "ext/standard/php_filestat.h"
+#include "zend_attributes.h"
 #include "zend_interfaces.h"
 #include "php_zip.h"
 #include "php_zip_arginfo.h"
@@ -3255,6 +3256,8 @@ static PHP_MINIT_FUNCTION(zip)
 	le_zip_dir   = zend_register_list_destructors_ex(php_zip_free_dir,   NULL, le_zip_dir_name,   module_number);
 	le_zip_entry = zend_register_list_destructors_ex(php_zip_free_entry, NULL, le_zip_entry_name, module_number);
 
+	register_php_zip_symbols(module_number, zip_class_entry);
+
 	return SUCCESS;
 }
 /* }}} */
diff --git a/ext/zip/php_zip.stub.php b/ext/zip/php_zip.stub.php
@@ -82,7 +82,10 @@ class ZipArchive implements Countable
     /** @tentative-return-type */
     public function open(string $filename, int $flags = 0): bool|int {}
 
-    /** @tentative-return-type */
+    /** 
+     * @sensitive-param $password
+     * @tentative-return-type
+     */
     public function setPassword(string $password): bool {}
 
     /** @tentative-return-type */
@@ -223,10 +226,16 @@ public function setCompressionName(string $name, int $method, int $compflags = 0
     public function setCompressionIndex(int $index, int $method, int $compflags = 0): bool {}
 
 #ifdef HAVE_ENCRYPTION
-    /** @tentative-return-type */
+    /** 
+     * @sensitive-param $password
+     * @tentative-return-type
+     */
     public function setEncryptionName(string $name, int $method, ?string $password = null): bool {}
 
-    /** @tentative-return-type */
+    /** 
+     * @sensitive-param $password
+     * @tentative-return-type
+     */
     public function setEncryptionIndex(int $index, int $method, ?string $password = null): bool {}
 #endif
 
diff --git a/ext/zip/php_zip_arginfo.h b/ext/zip/php_zip_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: f6542fda12c523584d476d2b733b4ccc0ffffe32 */
+ * Stub hash: 60d676af29f53bbc0a52c421975546ce2bef3a43 */
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_zip_open, 0, 0, 1)
 	ZEND_ARG_TYPE_INFO(0, filename, IS_STRING, 0)
@@ -486,6 +486,17 @@ static const zend_function_entry class_ZipArchive_methods[] = {
 	ZEND_FE_END
 };
 
+static void register_php_zip_symbols(int module_number, zend_class_entry *class_entry_ZipArchive)
+{
+    zend_mark_function_parameter_as_sensitive(&class_entry_ZipArchive->function_table, "setpassword", 0);
+#if defined(HAVE_ENCRYPTION)
+    zend_mark_function_parameter_as_sensitive(&class_entry_ZipArchive->function_table, "setencryptionname", 2);
+#endif
+#if defined(HAVE_ENCRYPTION)
+    zend_mark_function_parameter_as_sensitive(&class_entry_ZipArchive->function_table, "setencryptionindex", 2);
+#endif
+}
+
 static zend_class_entry *register_class_ZipArchive(zend_class_entry *class_entry_Countable)
 {
 	zend_class_entry ce, *class_entry;
