Mark parameter in ext/oci8 as sensitive

TimWolla · TimWolla · commit c6d26481b617 · 2022-06-10T14:56:02.000+02:00
diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c
@@ -31,6 +31,7 @@
 #include "php.h"
 #include "ext/standard/info.h"
 #include "php_ini.h"
+#include "zend_attributes.h"
 #include "zend_smart_str.h"
 
 #ifdef HAVE_OCI8
@@ -385,6 +386,8 @@ PHP_MINIT_FUNCTION(oci)
 
 	REGISTER_LONG_CONSTANT("OCI_FO_RETRY", OCI_FO_RETRY, CONST_CS | CONST_PERSISTENT);
 
+	register_oci8_symbols(module_number);
+
 	return SUCCESS;
 }
 
diff --git a/ext/oci8/oci8.stub.php b/ext/oci8/oci8.stub.php
@@ -294,32 +294,42 @@ function oci_close($connection): ?bool {}
  */
 function ocilogoff($connection): ?bool {}
 
-/** @return resource|false */
+/**
+ * @sensitive-param $password
+ * @return resource|false
+ */
 function oci_new_connect(string $username, string $password, ?string $connection_string = null, string $encoding = "", int $session_mode = OCI_DEFAULT) {}
 
 /**
+ * @sensitive-param $password
  * @return resource|false
  * @alias oci_new_connect
  * @deprecated
  */
 function ocinlogon(string $username, string $password, ?string $connection_string = null, string $encoding = "", int $session_mode = OCI_DEFAULT) {}
 
 /**
+ * @sensitive-param $password
  * @return resource|false
  */
 function oci_connect(string $username, string $password, ?string $connection_string = null, string $encoding = "", int $session_mode = OCI_DEFAULT) {}
 
 /**
+ * @sensitive-param $password
  * @return resource|false
  * @alias oci_connect
  * @deprecated
  */
 function ocilogon(string $username, string $password, ?string $connection_string = null, string $encoding = "", int $session_mode = OCI_DEFAULT) {}
 
-/** @return resource|false */
+/**
+ * @sensitive-param $password
+ * @return resource|false
+ */
 function oci_pconnect(string $username, string $password, ?string $connection_string = null, string $encoding = "", int $session_mode = OCI_DEFAULT) {}
 
 /**
+ * @sensitive-param $password
  * @return resource|false
  * @alias oci_pconnect
  * @deprecated
diff --git a/ext/oci8/oci8_arginfo.h b/ext/oci8/oci8_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 9db587b5d431b9dfe7178fd843ae8907db737a04 */
+ * Stub hash: db170b61403c53d4d420d0095031944f3d036508 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_oci_define_by_name, 0, 3, _IS_BOOL, 0)
 	ZEND_ARG_INFO(0, statement)
@@ -799,6 +799,16 @@ static const zend_function_entry class_OCICollection_methods[] = {
 	ZEND_FE_END
 };
 
+static void register_oci8_symbols(int module_number)
+{
+    zend_mark_function_parameter_as_sensitive(CG(function_table), "oci_new_connect", 1);
+    zend_mark_function_parameter_as_sensitive(CG(function_table), "ocinlogon", 1);
+    zend_mark_function_parameter_as_sensitive(CG(function_table), "oci_connect", 1);
+    zend_mark_function_parameter_as_sensitive(CG(function_table), "ocilogon", 1);
+    zend_mark_function_parameter_as_sensitive(CG(function_table), "oci_pconnect", 1);
+    zend_mark_function_parameter_as_sensitive(CG(function_table), "ociplogon", 1);
+}
+
 static zend_class_entry *register_class_OCILob(void)
 {
 	zend_class_entry ce, *class_entry;
