Enforce namespace-scoped visibility for method calls

withinboredom · withinboredom · commit 4f70a41181d1 · 2025-11-08T02:33:50.000+01:00
Add runtime checks to enforce private(namespace) visibility on methods.
When a method with ZEND_ACC_NAMESPACE_PRIVATE is called, the engine now:

1. Gets the namespace where the method was declared (from class name)
2. Gets the namespace of the calling code (zend_get_caller_namespace)
3. Compares namespaces: must match exactly
4. Throws error if namespaces don't match

This applies to:
* Instance methods (zend_std_get_method)
* Static methods (zend_std_get_static_method)
* Constructors (zend_std_get_constructor)
* Callable verification (zend_is_callable_at_frame)
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
@@ -3927,6 +3927,25 @@ static zend_always_inline bool zend_is_callable_check_func(const zval *callable,
 				goto get_function_via_handler;
 			}
 		}
+
+		/* Check namespace visibility */
+		if (fcc->function_handler && UNEXPECTED(fcc->function_handler->common.fn_flags & ZEND_ACC_NAMESPACE_PRIVATE)) {
+			zend_string *method_namespace = zend_get_class_namespace(fcc->function_handler->common.scope);
+			zend_string *caller_namespace = zend_get_caller_namespace();
+
+			if (!zend_string_equals(method_namespace, caller_namespace)) {
+				if (fcc->calling_scope &&
+				    ((fcc->object && fcc->calling_scope->__call) ||
+				     (!fcc->object && fcc->calling_scope->__callstatic))) {
+					retval = false;
+					fcc->function_handler = NULL;
+					goto get_function_via_handler;
+				} else {
+					retval = false;
+					fcc->function_handler = NULL;
+				}
+			}
+		}
 	} else {
 get_function_via_handler:
 		if (fcc->object && fcc->calling_scope == ce_org) {
@@ -3994,6 +4013,22 @@ static zend_always_inline bool zend_is_callable_check_func(const zval *callable,
 					retval = false;
 				}
 			}
+
+			/* Check namespace visibility */
+			if (retval && fcc->function_handler && UNEXPECTED(fcc->function_handler->common.fn_flags & ZEND_ACC_NAMESPACE_PRIVATE)) {
+				zend_string *method_namespace = zend_get_class_namespace(fcc->function_handler->common.scope);
+				zend_string *caller_namespace = zend_get_caller_namespace();
+
+				if (!zend_string_equals(method_namespace, caller_namespace)) {
+					if (error) {
+						if (*error) {
+							efree(*error);
+						}
+						zend_spprintf(error, 0, "cannot access %s method %s::%s()", zend_visibility_string(fcc->function_handler->common.fn_flags), ZSTR_VAL(fcc->calling_scope->name), ZSTR_VAL(fcc->function_handler->common.function_name));
+					}
+					retval = false;
+				}
+			}
 		}
 	} else if (error) {
 		if (fcc->calling_scope) {
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
@@ -1871,7 +1871,7 @@ ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *
 	fbc = Z_FUNC_P(func);
 
 	/* Check access level */
-	if (fbc->op_array.fn_flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
+	if (fbc->op_array.fn_flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED|ZEND_ACC_NAMESPACE_PRIVATE)) {
 		const zend_class_entry *scope = zend_get_executed_scope();
 
 		if (fbc->common.scope != scope) {
@@ -1895,6 +1895,21 @@ ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *
 				}
 			}
 		}
+
+		/* Check namespace visibility */
+		if (fbc && UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_NAMESPACE_PRIVATE)) {
+			zend_string *method_namespace = zend_get_class_namespace(fbc->common.scope);
+			zend_string *caller_namespace = zend_get_caller_namespace();
+
+			if (!zend_string_equals(method_namespace, caller_namespace)) {
+				if (zobj->ce->__call) {
+					fbc = zend_get_call_trampoline_func(zobj->ce->__call, method_name);
+				} else {
+					zend_bad_method_call(fbc, method_name, scope);
+					fbc = NULL;
+				}
+			}
+		}
 	}
 
 exit:
@@ -1952,6 +1967,21 @@ ZEND_API zend_function *zend_std_get_static_method(const zend_class_entry *ce, z
 				fbc = fallback_fbc;
 			}
 		}
+
+		/* Check namespace visibility */
+		if (fbc && UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_NAMESPACE_PRIVATE)) {
+			zend_string *method_namespace = zend_get_class_namespace(fbc->common.scope);
+			zend_string *caller_namespace = zend_get_caller_namespace();
+
+			if (!zend_string_equals(method_namespace, caller_namespace)) {
+				const zend_class_entry *scope = zend_get_executed_scope();
+				zend_function *fallback_fbc = get_static_method_fallback(ce, function_name);
+				if (!fallback_fbc) {
+					zend_bad_method_call(fbc, function_name, scope);
+				}
+				fbc = fallback_fbc;
+			}
+		}
 	} else {
 		fbc = get_static_method_fallback(ce, function_name);
 	}
@@ -2113,6 +2143,19 @@ ZEND_API zend_function *zend_std_get_constructor(zend_object *zobj) /* {{{ */
 				constructor = NULL;
 			}
 		}
+
+		/* Check namespace visibility */
+		if (constructor && UNEXPECTED(constructor->common.fn_flags & ZEND_ACC_NAMESPACE_PRIVATE)) {
+			zend_string *method_namespace = zend_get_class_namespace(constructor->common.scope);
+			zend_string *caller_namespace = zend_get_caller_namespace();
+
+			if (!zend_string_equals(method_namespace, caller_namespace)) {
+				const zend_class_entry *scope = get_fake_or_executed_scope();
+				zend_bad_constructor_call(constructor, scope);
+				zend_object_store_ctor_failed(zobj);
+				constructor = NULL;
+			}
+		}
 	}
 
 	return constructor;
