alpine-pkg/php/php5.4/d07-u009-CVE-2016-10160.patch

From b28b8b2fee6dfa6fcd13305c581bb835689ac3be Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Fri, 30 Dec 2016 15:57:24 -0800
Subject: [PATCH] CVE-2016-10160

Fix bug #73768 - Memory corruption when loading hostile phar

[roberto@debian.org: backported to 5.4.45]

Bug: https://bugs.php.net/bug.php?id=73768
Origin: backport, http://git.php.net/?p=php-src.git;a=commitdiff;h=b28b8b2fee6dfa6fcd13305c581bb835689ac3be

---
 ext/phar/phar.c              |   3 +--
 ext/phar/tests/bug73768.phar | Bin 0 -> 219 bytes
 ext/phar/tests/bug73768.phpt |  16 ++++++++++++++++
 3 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 ext/phar/tests/bug73768.phar
 create mode 100644 ext/phar/tests/bug73768.phpt

--- php5.git.orig/ext/phar/phar.c
+++ php5.git/ext/phar/phar.c
@@ -982,7 +982,6 @@
 		/* if the alias is stored we enforce it (implicit overrides explicit) */
 		if (alias && alias_len && (alias_len != (int)tmp_len || strncmp(alias, buffer, tmp_len)))
 		{
-			buffer[tmp_len] = '\0';
 			php_stream_close(fp);
 
 			if (signature) {
@@ -990,7 +989,7 @@
 			}
 
 			if (error) {
-				spprintf(error, 0, "cannot load phar \"%s\" with implicit alias \"%s\" under different alias \"%s\"", fname, buffer, alias);
+				spprintf(error, 0, "cannot load phar \"%s\" with implicit alias \"%.*s\" under different alias \"%s\"", fname, tmp_len, buffer, alias);
 			}
 
 			efree(savebuf);
--- /dev/null
+++ php5.git/ext/phar/tests/bug73768.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Phar: PHP bug #73768: Memory corruption when loading hostile phar
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+chdir(__DIR__);
+try {
+$p = Phar::LoadPhar('bug73768.phar', 'alias.phar');
+echo "OK\n";
+} catch(PharException $e) {
+	echo $e->getMessage();
+}
+?>
+--EXPECTF--
+cannot load phar "%sbug73768.phar" with implicit alias "" under different alias "alias.phar"