Fix #77552: Uninitialized buffer in stat functions

diff --git a/NEWS b/NEWS
index 181bb429ebc5403c976d2221a7c5871f0364aada..f823f484b934f0de1e0984f12c5d21fcaf96117e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,10 @@ PHP                                                                        NEWS
   . Support Oracle Database tracing attributes ACTION, MODULE,
     CLIENT_INFO, and CLIENT_IDENTIFIER. (Cameron Porter)
 
+- Standard:
+  . Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
+    (John Stevenson)
+
 07 Feb 2019, PHP 7.2.15
 
 - Core:

diff --git a/ext/standard/tests/file/bug77552.phpt b/ext/standard/tests/file/bug77552.phpt
new file mode 100644 (file)
index 0000000..9404b8e
--- /dev/null
+++ b/ext/standard/tests/file/bug77552.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Bug #77552 Unintialized php_stream_statbuf in stat functions 
+--SKIPIF--
+<?php
+if (substr(PHP_OS, 0, 3) != 'WIN') {
+    die('skip windows only test');
+}
+?>
+--FILE--
+<?php
+// Check lstat on a Windows junction to ensure that st_mode is zero
+$tmpDir = __DIR__.'/test-bug77552';
+
+$target = $tmpDir.'/folder/target';
+mkdir($target, 0777, true);
+
+$junction = $tmpDir.'/junction';
+$cmd = sprintf('mklink /J "%s" "%s"', $junction, $target); 
+exec($cmd);
+
+$stat = lstat($junction);
+var_dump($stat['mode']);
+
+?>
+--CLEAN--
+<?php
+$tmpDir = __DIR__.'/test-bug77552';
+$cmd = sprintf('rmdir /S /Q "%s"', $tmpDir);
+exec($cmd);
+?>
+--EXPECT--
+int(0)

diff --git a/main/streams/streams.c b/main/streams/streams.c
index 3cf0c7ec97b86188c0099c990c2cdce7fe7d682b..9daae574337a1ade05ac9776b87c9e7d8f067cc9 100644 (file)
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -1887,6 +1887,8 @@ PHPAPI int _php_stream_stat_path(const char *path, int flags, php_stream_statbuf
        const char *path_to_open = path;
        int ret;
 
+       memset(ssb, 0, sizeof(*ssb));
+
        if (!(flags & PHP_STREAM_URL_STAT_NOCACHE)) {
                /* Try to hit the cache first */
                if (flags & PHP_STREAM_URL_STAT_LINK) {