alpine-pkg/php/php5.4/d07-u004-CVE-2016-4342.patch

From 13ad4d3e971807f9a58ab5933182907dc2958539 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Wed, 13 Jan 2016 16:32:29 -0800
Subject: [PATCH] CVE-2016-4342

Fix bug #71354 - remove UMR when size is 0

[roberto@debian.org: backported to 5.4.45]

Bug: https://bugs.php.net/bug.php?id=71354
Origin: backport, https://git.php.net/?p=php-src.git;a=commitdiff;h=13ad4d3e971807f9a58ab5933182907dc2958539
---
 ext/phar/phar_object.c       |   1 +
 ext/phar/tests/bug71354.phpt |  13 +++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 ext/phar/tests/bug71354.phpt

--- php5.git.orig/ext/phar/phar_object.c
+++ php5.git/ext/phar/phar_object.c
@@ -4977,6 +4977,7 @@
 
 	phar_seek_efp(link, 0, SEEK_SET, 0, 0 TSRMLS_CC);
 	Z_TYPE_P(return_value) = IS_STRING;
+	Z_STRVAL_P(return_value) = NULL;
 	Z_STRLEN_P(return_value) = php_stream_copy_to_mem(fp, &(Z_STRVAL_P(return_value)), link->uncompressed_filesize, 0);
 
 	if (!Z_STRVAL_P(return_value)) {
--- /dev/null
+++ php5.git/ext/phar/tests/bug71354.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Phar: bug #71354: Heap corruption in tar/zip/phar parser.
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+$p = new PharData(__DIR__."/bug71354.tar");
+var_dump($p['aaaa']->getContent());
+?>
+DONE
+--EXPECT--
+string(0) ""
+DONE
\ No newline at end of file
php5.4: add debian u7 patchset 7 months ago			`From 13ad4d3e971807f9a58ab5933182907dc2958539 Mon Sep 17 00:00:00 2001`
			`From: Stanislav Malyshev <stas@php.net>`
			`Date: Wed, 13 Jan 2016 16:32:29 -0800`
			`Subject: [PATCH] CVE-2016-4342`

			`Fix bug #71354 - remove UMR when size is 0`

			`[roberto@debian.org: backported to 5.4.45]`

			`Bug: https://bugs.php.net/bug.php?id=71354`
			`Origin: backport, https://git.php.net/?p=php-src.git;a=commitdiff;h=13ad4d3e971807f9a58ab5933182907dc2958539`
			`---`
			`ext/phar/phar_object.c \| 1 +`
			`ext/phar/tests/bug71354.phpt \| 13 +++++++++++++`
			`2 files changed, 14 insertions(+)`
			`create mode 100644 ext/phar/tests/bug71354.phpt`

			`--- php5.git.orig/ext/phar/phar_object.c`
			`+++ php5.git/ext/phar/phar_object.c`
			`@@ -4977,6 +4977,7 @@`

			`phar_seek_efp(link, 0, SEEK_SET, 0, 0 TSRMLS_CC);`
			`Z_TYPE_P(return_value) = IS_STRING;`
			`+ Z_STRVAL_P(return_value) = NULL;`
			`Z_STRLEN_P(return_value) = php_stream_copy_to_mem(fp, &(Z_STRVAL_P(return_value)), link->uncompressed_filesize, 0);`

			`if (!Z_STRVAL_P(return_value)) {`
			`--- /dev/null`
			`+++ php5.git/ext/phar/tests/bug71354.phpt`
			`@@ -0,0 +1,13 @@`
			`+--TEST--`
			`+Phar: bug #71354: Heap corruption in tar/zip/phar parser.`
			`+--SKIPIF--`
			`+<?php if (!extension_loaded("phar")) die("skip"); ?>`
			`+--FILE--`
			`+<?php`
			`+$p = new PharData(__DIR__."/bug71354.tar");`
			`+var_dump($p['aaaa']->getContent());`
			`+?>`
			`+DONE`
			`+--EXPECT--`
			`+string(0) ""`
			`+DONE`
			`\ No newline at end of file`