From: Máté Kocsis <kocsismate@woohoolabs.com>
Date: Thu, 13 Aug 2020 21:57:23 +0000 (+0200)
Subject: Fix ZPP for mhash()
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f83368c6d960329c17df764947e793a863379582;p=php

Fix ZPP for mhash()

Closes GH-5985
---

diff --git a/ext/hash/hash.c b/ext/hash/hash.c
index 40746ea003..3f01ebcce6 100644
--- a/ext/hash/hash.c
+++ b/ext/hash/hash.c
@@ -345,23 +345,14 @@ PHP_HASH_API int php_hash_unserialize(php_hashcontext_object *hash, zend_long ma
 
 /* Userspace */
 
-static void php_hash_do_hash(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_bool raw_output_default) /* {{{ */
-{
-	zend_string *digest, *algo;
-	char *data;
-	size_t data_len;
-	zend_bool raw_output = raw_output_default;
+static void php_hash_do_hash(
+	zval *return_value, zend_string *algo, char *data, size_t data_len, zend_bool raw_output, bool isfilename
+) /* {{{ */ {
+	zend_string *digest;
 	const php_hash_ops *ops;
 	void *context;
 	php_stream *stream = NULL;
 
-	ZEND_PARSE_PARAMETERS_START(2, 3)
-		Z_PARAM_STR(algo)
-		Z_PARAM_STRING(data, data_len)
-		Z_PARAM_OPTIONAL
-		Z_PARAM_BOOL(raw_output)
-	ZEND_PARSE_PARAMETERS_END();
-
 	ops = php_hash_fetch_ops(algo);
 	if (!ops) {
 		zend_argument_value_error(1, "must be a valid hashing algorithm");
@@ -420,7 +411,19 @@ static void php_hash_do_hash(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_
 Returns lowercase hexits by default */
 PHP_FUNCTION(hash)
 {
-	php_hash_do_hash(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0, 0);
+	zend_string *algo;
+	char *data;
+	size_t data_len;
+	zend_bool raw_output = 0;
+
+	ZEND_PARSE_PARAMETERS_START(2, 3)
+		Z_PARAM_STR(algo)
+		Z_PARAM_STRING(data, data_len)
+		Z_PARAM_OPTIONAL
+		Z_PARAM_BOOL(raw_output)
+	ZEND_PARSE_PARAMETERS_END();
+
+	php_hash_do_hash(return_value, algo, data, data_len, raw_output, 0);
 }
 /* }}} */
 
@@ -428,7 +431,19 @@ PHP_FUNCTION(hash)
 Returns lowercase hexits by default */
 PHP_FUNCTION(hash_file)
 {
-	php_hash_do_hash(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1, 0);
+	zend_string *algo;
+	char *data;
+	size_t data_len;
+	zend_bool raw_output = 0;
+
+	ZEND_PARSE_PARAMETERS_START(2, 3)
+		Z_PARAM_STR(algo)
+		Z_PARAM_STRING(data, data_len)
+		Z_PARAM_OPTIONAL
+		Z_PARAM_BOOL(raw_output)
+	ZEND_PARSE_PARAMETERS_END();
+
+	php_hash_do_hash(return_value, algo, data, data_len, raw_output, 1);
 }
 /* }}} */
 
@@ -467,22 +482,15 @@ static inline void php_hash_hmac_round(unsigned char *final, const php_hash_ops
 	ops->hash_final(final, context);
 }
 
-static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_bool raw_output_default) /* {{{ */
-{
-	zend_string *digest, *algo;
-	char *data, *key;
+static void php_hash_do_hash_hmac(
+	zval *return_value, zend_string *algo, char *data, size_t data_len, char *key, size_t key_len, zend_bool raw_output, bool isfilename
+) /* {{{ */ {
+	zend_string *digest;
 	unsigned char *K;
-	size_t data_len, key_len;
-	zend_bool raw_output = raw_output_default;
 	const php_hash_ops *ops;
 	void *context;
 	php_stream *stream = NULL;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Sss|b", &algo, &data, &data_len,
-																  &key, &key_len, &raw_output) == FAILURE) {
-		RETURN_THROWS();
-	}
-
 	ops = php_hash_fetch_ops(algo);
 	if (!ops || !ops->is_crypto) {
 		zend_argument_value_error(1, "must be a valid cryptographic hashing algorithm");
@@ -556,7 +564,16 @@ static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename,
 Returns lowercase hexits by default */
 PHP_FUNCTION(hash_hmac)
 {
-	php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0, 0);
+	zend_string *algo;
+	char *data, *key;
+	size_t data_len, key_len;
+	zend_bool raw_output = 0;
+
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Sss|b", &algo, &data, &data_len, &key, &key_len, &raw_output) == FAILURE) {
+		RETURN_THROWS();
+	}
+
+	php_hash_do_hash_hmac(return_value, algo, data, data_len, key, key_len, raw_output, 0);
 }
 /* }}} */
 
@@ -564,7 +581,16 @@ PHP_FUNCTION(hash_hmac)
 Returns lowercase hexits by default */
 PHP_FUNCTION(hash_hmac_file)
 {
-	php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1, 0);
+	zend_string *algo;
+	char *data, *key;
+	size_t data_len, key_len;
+	zend_bool raw_output = 0;
+
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Sss|b", &algo, &data, &data_len, &key, &key_len, &raw_output) == FAILURE) {
+		RETURN_THROWS();
+	}
+
+	php_hash_do_hash_hmac(return_value, algo, data, data_len, key, key_len, raw_output, 1);
 }
 /* }}} */
 
@@ -1163,29 +1189,27 @@ static void mhash_init(INIT_FUNC_ARGS)
 /* {{{ Hash data with hash */
 PHP_FUNCTION(mhash)
 {
-	zval *z_algorithm;
 	zend_long algorithm;
+	zend_string *algo = NULL;
+	char *data, *key = NULL;
+	size_t data_len, key_len = 0;
 
-	if (zend_parse_parameters(1, "z", &z_algorithm) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ls|s!", &algorithm, &data, &data_len, &key, &key_len) == FAILURE) {
 		RETURN_THROWS();
 	}
 
-	algorithm = zval_get_long(z_algorithm);
-
 	/* need to convert the first parameter from int constant to string algorithm name */
 	if (algorithm >= 0 && algorithm < MHASH_NUM_ALGOS) {
 		struct mhash_bc_entry algorithm_lookup = mhash_to_hash[algorithm];
 		if (algorithm_lookup.hash_name) {
-			ZVAL_STRING(z_algorithm, algorithm_lookup.hash_name);
+			algo = zend_string_init(algorithm_lookup.hash_name, strlen(algorithm_lookup.hash_name), 1);
 		}
 	}
 
-	if (ZEND_NUM_ARGS() == 3) {
-		php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0, 1);
-	} else if (ZEND_NUM_ARGS() == 2) {
-		php_hash_do_hash(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0, 1);
+	if (key) {
+		php_hash_do_hash_hmac(return_value, algo, data, data_len, key, key_len, 1, 0);
 	} else {
-		WRONG_PARAM_COUNT;
+		php_hash_do_hash(return_value, algo, data, data_len, 1, 0);
 	}
 }
 /* }}} */
diff --git a/ext/hash/hash.stub.php b/ext/hash/hash.stub.php
index 6a660aeaef..d2e9d1aee1 100644
--- a/ext/hash/hash.stub.php
+++ b/ext/hash/hash.stub.php
@@ -43,7 +43,7 @@ function mhash_keygen_s2k(int $hash, string $input_password, string $salt, int $
 
 function mhash_count(): int {}
 
-function mhash(int $hash, string $data, string $key = UNKNOWN): string|false {}
+function mhash(int $hash, string $data, ?string $key = null): string|false {}
 #endif
 
 final class HashContext
diff --git a/ext/hash/hash_arginfo.h b/ext/hash/hash_arginfo.h
index b51be84792..1315f3f118 100644
--- a/ext/hash/hash_arginfo.h
+++ b/ext/hash/hash_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 6da0ff3370cecc919fccf7c6791828a81b44156d */
+ * Stub hash: 9280e94fe6bb8b86d0cc6f939996c6c0b0bb9241 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_hash, 0, 2, MAY_BE_STRING|MAY_BE_FALSE)
 	ZEND_ARG_TYPE_INFO(0, algo, IS_STRING, 0)
@@ -111,7 +111,7 @@ ZEND_END_ARG_INFO()
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_mhash, 0, 2, MAY_BE_STRING|MAY_BE_FALSE)
 	ZEND_ARG_TYPE_INFO(0, hash, IS_LONG, 0)
 	ZEND_ARG_TYPE_INFO(0, data, IS_STRING, 0)
-	ZEND_ARG_TYPE_INFO(0, key, IS_STRING, 0)
+	ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, key, IS_STRING, 1, "null")
 ZEND_END_ARG_INFO()
 #endif