Fix #77552: Uninitialized buffer in stat functions

johnstevenson · nikic · commit fe4d7248cc09 · 2019-02-11T11:31:55.000+01:00
diff --git a/NEWS b/NEWS
@@ -10,6 +10,10 @@ PHP                                                                        NEWS
   . Support Oracle Database tracing attributes ACTION, MODULE,
     CLIENT_INFO, and CLIENT_IDENTIFIER. (Cameron Porter)
 
+- Standard:
+  . Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
+    (John Stevenson)
+
 07 Feb 2019, PHP 7.2.15
 
 - Core:
diff --git a/ext/standard/tests/file/bug77552.phpt b/ext/standard/tests/file/bug77552.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Bug #77552 Unintialized php_stream_statbuf in stat functions 
+--SKIPIF--
+<?php
+if (substr(PHP_OS, 0, 3) != 'WIN') {
+    die('skip windows only test');
+}
+?>
+--FILE--
+<?php
+// Check lstat on a Windows junction to ensure that st_mode is zero
+$tmpDir = __DIR__.'/test-bug77552';
+
+$target = $tmpDir.'/folder/target';
+mkdir($target, 0777, true);
+
+$junction = $tmpDir.'/junction';
+$cmd = sprintf('mklink /J "%s" "%s"', $junction, $target); 
+exec($cmd);
+
+$stat = lstat($junction);
+var_dump($stat['mode']);
+
+?>
+--CLEAN--
+<?php
+$tmpDir = __DIR__.'/test-bug77552';
+$cmd = sprintf('rmdir /S /Q "%s"', $tmpDir);
+exec($cmd);
+?>
+--EXPECT--
+int(0)
diff --git a/main/streams/streams.c b/main/streams/streams.c
@@ -1887,6 +1887,8 @@ PHPAPI int _php_stream_stat_path(const char *path, int flags, php_stream_statbuf
 	const char *path_to_open = path;
 	int ret;
 
+	memset(ssb, 0, sizeof(*ssb));
+
 	if (!(flags & PHP_STREAM_URL_STAT_NOCACHE)) {
 		/* Try to hit the cache first */
 		if (flags & PHP_STREAM_URL_STAT_LINK) {
