From c0b0db3164f34abe8d129a60f1d42ec8c3da8f49 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+ndossche@users.noreply.github.com>
Date: Sun, 9 Nov 2025 15:18:22 +0100
Subject: [PATCH 1/2] Fix GH-20435: SensitiveParameter doesn't work for named argument passing to variadic parameter
---
 Zend/tests/function_arguments/gh20435.phpt | 14 +++++++++++++
 Zend/zend_builtin_functions.c | 23 ++++++++++++++++++++--
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 Zend/tests/function_arguments/gh20435.phpt
diff --git a/Zend/tests/function_arguments/gh20435.phpt b/Zend/tests/function_arguments/gh20435.phpt
new file mode 100644
index 0000000000000..e360b873d3ced
--- /dev/null
+++ b/Zend/tests/function_arguments/gh20435.phpt
@@ -0,0 +1,14 @@
+--TEST--
+GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter)
+--FILE--
+--EXPECTF--
+#0 %s(%d): test(2, b: Object(SensitiveParameterValue), c: Object(SensitiveParameterValue))
diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index a7e8a4fabf1f0..473d94e220c1e 100644
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -1683,11 +1683,30 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /
 if (ZEND_CALL_INFO(call) & ZEND_CALL_HAS_EXTRA_NAMED_PARAMS) {
 zend_string *name;
 zval *arg;
+
+ bool is_sensitive = false;
+ if (call->func->common.fn_flags & ZEND_ACC_VARIADIC) {
+ zend_attribute *attribute = zend_get_parameter_attribute_str(
+ call->func->common.attributes,
+ "sensitiveparameter",
+ sizeof("sensitiveparameter") - 1,
+ call->func->common.num_args
+ );
+ is_sensitive = attribute != NULL;
+ }
+
 SEPARATE_ARRAY(arg_array);
 ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(call->extra_named_params, name, arg) {
 ZVAL_DEREF(arg);
- Z_TRY_ADDREF_P(arg);
- zend_hash_add_new(Z_ARRVAL_P(arg_array), name, arg);
+ if (is_sensitive) {
+ zval redacted_arg;
+ object_init_ex(&redacted_arg, zend_ce_sensitive_parameter_value);
+ zend_call_method_with_1_params(Z_OBJ_P(&redacted_arg), zend_ce_sensitive_parameter_value, &zend_ce_sensitive_parameter_value->constructor, "__construct", NULL, arg);
+ zend_hash_add_new(Z_ARRVAL_P(arg_array), name, &redacted_arg);
+ } else {
+ Z_TRY_ADDREF_P(arg);
+ zend_hash_add_new(Z_ARRVAL_P(arg_array), name, arg);
+ }
 } ZEND_HASH_FOREACH_END();
 }
 }
From 85e26a462e0a66d0984720addd849e8c2c57280e Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+ndossche@users.noreply.github.com>
Date: Mon, 10 Nov 2025 19:01:26 +0100
Subject: [PATCH 2/2] Adjust
---
 Zend/zend_builtin_functions.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index 473d94e220c1e..344983a6e2878 100644
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
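Review bot: In the [PATCH 1/2] hunk the offset `call->func->common.num_args` passed to `zend_get_parameter_attribute_str()` carries the whole redaction decision, and nothing in the hunk says why it is the right index. As I read the engine, `num_args` does not count the variadic parameter, so that index names the variadic parameter itself, and one lookup then covers every extra named argument (the expected output in gh20435.phpt redacts both `b` and `c`). I would put `/* num_args excludes the variadic parameter, so this offset is the variadic parameter; every extra named arg binds to it */` above the lookup; the same lookup is kept unchanged in the [PATCH 2/2] hunk. The body of debug_backtrace_get_args starts outside this hunk.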
@@ -1684,16 +1684,15 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /
 zend_string *name;
 zval *arg;
 
- bool is_sensitive = false;
- if (call->func->common.fn_flags & ZEND_ACC_VARIADIC) {
- zend_attribute *attribute = zend_get_parameter_attribute_str(
- call->func->common.attributes,
- "sensitiveparameter",
- sizeof("sensitiveparameter") - 1,
- call->func->common.num_args
- );
- is_sensitive = attribute != NULL;
- }
+ ZEND_ASSERT(call->func->common.fn_flags & ZEND_ACC_VARIADIC);
+
+ zend_attribute *attribute = zend_get_parameter_attribute_str(
+ call->func->common.attributes,
+ "sensitiveparameter",
+ sizeof("sensitiveparameter") - 1,
+ call->func->common.num_args
+ );
+ bool is_sensitive = attribute != NULL;
 
 SEPARATE_ARRAY(arg_array);
 ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(call->extra_named_params, name, arg) {
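Review bot: `ZEND_ASSERT(call->func->common.fn_flags & ZEND_ACC_VARIADIC)` replaces a runtime check with one that is presumably compiled out of release builds, and the hunk does not say why the condition always holds. If it rests on the engine only collecting `extra_named_params` for variadic callees, say so next to the assert, e.g. `/* extra named params are only collected for variadic functions */`. A later call path that sets ZEND_CALL_HAS_EXTRA_NAMED_PARAMS on a non-variadic function would then be recognised as something that can leave sensitive values unredacted in backtraces. The enclosing function starts and ends outside the hunk.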