From 1a4401d40aabd9c33fcd122e929f3fbedfbf216f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Tue, 12 Apr 2022 15:08:40 +0200
Subject: [PATCH] Mark parameter in ext/zip as sensitive

---
 ext/zip/php_zip.c         |  3 +++
 ext/zip/php_zip.stub.php  | 15 ++++++++++++---
 ext/zip/php_zip_arginfo.h | 13 ++++++++++++-
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index ab0ecda212f..7db9512c99e 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -26,6 +26,7 @@
 #include "ext/standard/php_string.h"
 #include "ext/pcre/php_pcre.h"
 #include "ext/standard/php_filestat.h"
+#include "zend_attributes.h"
 #include "zend_interfaces.h"
 #include "php_zip.h"
 #include "php_zip_arginfo.h"
@@ -3255,6 +3256,8 @@ static PHP_MINIT_FUNCTION(zip)
 	le_zip_dir   = zend_register_list_destructors_ex(php_zip_free_dir,   NULL, le_zip_dir_name,   module_number);
 	le_zip_entry = zend_register_list_destructors_ex(php_zip_free_entry, NULL, le_zip_entry_name, module_number);
 
+	register_php_zip_symbols(module_number, zip_class_entry);
+
 	return SUCCESS;
 }
 /* }}} */
diff --git a/ext/zip/php_zip.stub.php b/ext/zip/php_zip.stub.php
index 47df80df0e4..a0866e114b4 100644
--- a/ext/zip/php_zip.stub.php
+++ b/ext/zip/php_zip.stub.php
@@ -82,7 +82,10 @@ class ZipArchive implements Countable
     /** @tentative-return-type */
     public function open(string $filename, int $flags = 0): bool|int {}
 
-    /** @tentative-return-type */
+    /**
+     * @sensitive-param $password
+     * @tentative-return-type
+     */
     public function setPassword(string $password): bool {}
 
     /** @tentative-return-type */
@@ -223,10 +226,16 @@ class ZipArchive implements Countable
     public function setCompressionIndex(int $index, int $method, int $compflags = 0): bool {}
 
 #ifdef HAVE_ENCRYPTION
-    /** @tentative-return-type */
+    /**
+     * @sensitive-param $password
+     * @tentative-return-type
+     */
     public function setEncryptionName(string $name, int $method, ?string $password = null): bool {}
 
-    /** @tentative-return-type */
+    /**
+     * @sensitive-param $password
+     * @tentative-return-type
+     */
     public function setEncryptionIndex(int $index, int $method, ?string $password = null): bool {}
 #endif
 
diff --git a/ext/zip/php_zip_arginfo.h b/ext/zip/php_zip_arginfo.h
index b642f634778..80a8a34b590 100644
--- a/ext/zip/php_zip_arginfo.h
+++ b/ext/zip/php_zip_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: f6542fda12c523584d476d2b733b4ccc0ffffe32 */
+ * Stub hash: f8ec36ea62bfbdb74cfa6472227e08d9282413a2 */
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_zip_open, 0, 0, 1)
 	ZEND_ARG_TYPE_INFO(0, filename, IS_STRING, 0)
@@ -486,6 +486,17 @@ static const zend_function_entry class_ZipArchive_methods[] = {
 	ZEND_FE_END
 };
 
+static void register_php_zip_symbols(int module_number, zend_class_entry *class_entry_ZipArchive)
+{
+    zend_mark_function_parameter_as_sensitive(&class_entry_ZipArchive->function_table, "setpassword", 0);
+#if defined(HAVE_ENCRYPTION)
+    zend_mark_function_parameter_as_sensitive(&class_entry_ZipArchive->function_table, "setencryptionname", 2);
+#endif
+#if defined(HAVE_ENCRYPTION)
+    zend_mark_function_parameter_as_sensitive(&class_entry_ZipArchive->function_table, "setencryptionindex", 2);
+#endif
+}
+
 static zend_class_entry *register_class_ZipArchive(zend_class_entry *class_entry_Countable)
 {
 	zend_class_entry ce, *class_entry;