php/sme8/php-5.3.3-CVE-2012-0789.patch


https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0789

http://git.php.net/?p=php-src.git;a=commitdiff;h=5b2ce47f2e98e672873f6da0f41fff120af1e57e
 - with unrelated changes reverted

--- php-5.3.3/ext/date/lib/parse_date.c.cve0789
+++ php-5.3.3/ext/date/lib/parse_date.c
@@ -756,7 +756,7 @@ static long timelib_lookup_zone(char **p
        return value;
 }
 
-static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb)
+static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper)
 {
        timelib_tzinfo *res;
        long            retval = 0;
@@ -805,7 +805,7 @@ static long timelib_get_zone(char **ptr,
 #endif
                /* If we have a TimeZone identifier to start with, use it */
                if (strstr(tz_abbr, "/") || strcmp(tz_abbr, "UTC") == 0) {
-                       if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) {
+                       if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) {
                                t->tz_info = res;
                                t->zone_type = TIMELIB_ZONETYPE_ID;
                                found++;
@@ -834,7 +834,7 @@ static long timelib_get_zone(char **ptr,
        }                              \
 }
 
-static int scan(Scanner *s)
+static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
 {
        uchar *cursor = s->cur;
        char *str, *ptr = NULL;
@@ -1006,7 +1006,7 @@ yy4:
                DEBUG_OUTPUT("tzcorrection | tz");
                TIMELIB_INIT;
                TIMELIB_HAVE_TZ();
-               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                if (tz_not_found) {
                        add_error(s, "The timezone could not be found in the database");
                }
@@ -4451,7 +4451,7 @@ yy223:
                }
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -9763,7 +9763,7 @@ yy491:
                }
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -12020,7 +12020,7 @@ yy701:
                s->time->h = timelib_get_nr((char **) &ptr, 2);
                s->time->i = timelib_get_nr((char **) &ptr, 2);
                s->time->s = timelib_get_nr((char **) &ptr, 2);
-               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                if (tz_not_found) {
                        add_error(s, "The timezone could not be found in the database");
                }
@@ -13391,7 +13391,7 @@ yy843:
                if (*ptr == '.') {
                        s->time->f = timelib_get_frac_nr((char **) &ptr, 9);
                        if (*ptr) { /* timezone is optional */
-                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                                if (tz_not_found) {
                                        add_error(s, "The timezone could not be found in the database");
                                }
@@ -15731,7 +15731,7 @@ yy1076:
                s->time->s = timelib_get_nr((char **) &ptr, 2);
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -24632,7 +24632,7 @@ yy1537:
 
 #define YYMAXFILL 31
 
-timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb)
+timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
 {
        Scanner in;
        int t;
@@ -24687,7 +24687,7 @@ timelib_time* timelib_strtotime(char *s,
        in.time->zone_type = 0;
 
        do {
-               t = scan(&in);
+               t = scan(&in, tz_get_wrapper);
 #ifdef DEBUG_PARSER
                printf("%d\n", t);
 #endif
@@ -24714,7 +24714,7 @@ timelib_time* timelib_strtotime(char *s,
                }
 
 
-timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb)
+timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
 {
        char       *fptr = format;
        char       *ptr = string;
@@ -24880,7 +24880,7 @@ timelib_time *timelib_parse_from_format(
                        case 'O': /* timezone */
                                {
                                        int tz_not_found;
-                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                                        if (tz_not_found) {
                                                add_pbf_error(s, "The timezone could not be found in the database", string, begin);
                                        }
--- php-5.3.3/ext/date/lib/parse_date.re.cve0789
+++ php-5.3.3/ext/date/lib/parse_date.re
@@ -755,7 +755,7 @@ static long timelib_lookup_zone(char **p
        return value;
 }
 
-static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb)
+static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper)
 {
        timelib_tzinfo *res;
        long            retval = 0;
@@ -804,7 +804,7 @@ static long timelib_get_zone(char **ptr,
 #endif
                /* If we have a TimeZone identifier to start with, use it */
                if (strstr(tz_abbr, "/") || strcmp(tz_abbr, "UTC") == 0) {
-                       if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) {
+                       if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) {
                                t->tz_info = res;
                                t->zone_type = TIMELIB_ZONETYPE_ID;
                                found++;
@@ -833,7 +833,7 @@ static long timelib_get_zone(char **ptr,
        }                              \
 }
 
-static int scan(Scanner *s)
+static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
 {
        uchar *cursor = s->cur;
        char *str, *ptr = NULL;
@@ -1166,7 +1166,7 @@ weekdayof        = (reltextnumber|reltex
                }
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -1207,7 +1207,7 @@ weekdayof        = (reltextnumber|reltex
                                s->time->h = timelib_get_nr((char **) &ptr, 2);
                                s->time->i = timelib_get_nr((char **) &ptr, 2);
                                s->time->s = 0;
-                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb);
+                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb, tz_get_wrapper);
                                break;
                        case 1:
                                s->time->y = timelib_get_nr((char **) &ptr, 4);
@@ -1232,7 +1232,7 @@ weekdayof        = (reltextnumber|reltex
                s->time->s = timelib_get_nr((char **) &ptr, 2);
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -1425,7 +1425,7 @@ weekdayof        = (reltextnumber|reltex
                if (*ptr == '.') {
                        s->time->f = timelib_get_frac_nr((char **) &ptr, 9);
                        if (*ptr) { /* timezone is optional */
-                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                                if (tz_not_found) {
                                        add_error(s, "The timezone could not be found in the database");
                                }
@@ -1525,7 +1525,7 @@ weekdayof        = (reltextnumber|reltex
                s->time->h = timelib_get_nr((char **) &ptr, 2);
                s->time->i = timelib_get_nr((char **) &ptr, 2);
                s->time->s = timelib_get_nr((char **) &ptr, 2);
-               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                if (tz_not_found) {
                        add_error(s, "The timezone could not be found in the database");
                }
@@ -1638,7 +1638,7 @@ weekdayof        = (reltextnumber|reltex
                DEBUG_OUTPUT("tzcorrection | tz");
                TIMELIB_INIT;
                TIMELIB_HAVE_TZ();
-               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                if (tz_not_found) {
                        add_error(s, "The timezone could not be found in the database");
                }
@@ -1691,7 +1691,7 @@ weekdayof        = (reltextnumber|reltex
                }
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -1737,7 +1737,7 @@ weekdayof        = (reltextnumber|reltex
 
 /*!max:re2c */
 
-timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb)
+timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
 {
        Scanner in;
        int t;
@@ -1792,7 +1792,7 @@ timelib_time* timelib_strtotime(char *s,
        in.time->zone_type = 0;
 
        do {
-               t = scan(&in);
+               t = scan(&in, tz_get_wrapper);
 #ifdef DEBUG_PARSER
                printf("%d\n", t);
 #endif
@@ -1819,7 +1819,7 @@ timelib_time* timelib_strtotime(char *s,
                }
 
 
-timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb)
+timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
 {
        char       *fptr = format;
        char       *ptr = string;
@@ -1985,7 +1985,7 @@ timelib_time *timelib_parse_from_format(
                        case 'O': /* timezone */
                                {
                                        int tz_not_found;
-                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                                        if (tz_not_found) {
                                                add_pbf_error(s, "The timezone could not be found in the database", string, begin);
                                        }
--- php-5.3.3/ext/date/lib/timelib.h.cve0789
+++ php-5.3.3/ext/date/lib/timelib.h
@@ -50,6 +50,9 @@
 #define strncasecmp strnicmp
 #endif
 
+/* Function pointers */
+typedef timelib_tzinfo* (*timelib_tz_get_wrapper)(char *tzname, const timelib_tzdb *tzdb);
+
 /* From dow.c */
 timelib_sll timelib_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d);
 timelib_sll timelib_iso_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d);
@@ -61,8 +64,8 @@ int timelib_valid_time(timelib_sll h, ti
 int timelib_valid_date(timelib_sll y, timelib_sll m, timelib_sll d);
 
 /* From parse_date.re */
-timelib_time *timelib_strtotime(char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb);
-timelib_time *timelib_parse_from_format(char *format, char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb);
+timelib_time *timelib_strtotime(char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper);
+timelib_time *timelib_parse_from_format(char *format, char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper);
 void timelib_fill_holes(timelib_time *parsed, timelib_time *now, int options);
 char *timelib_timezone_id_from_abbr(const char *abbr, long gmtoffset, int isdst);
 const timelib_tz_lookup_table *timelib_timezone_abbreviations_list(void);
--- php-5.3.3/ext/date/php_date.c.cve0789
+++ php-5.3.3/ext/date/php_date.c
@@ -833,6 +833,12 @@ static timelib_tzinfo *php_date_parse_tz
        }
        return tzi;
 }
+
+timelib_tzinfo *php_date_parse_tzfile_wrapper(char *formal_tzname, const timelib_tzdb *tzdb)
+{
+       TSRMLS_FETCH();
+       return php_date_parse_tzfile(formal_tzname, tzdb TSRMLS_CC);
+}
 /* }}} */
 
 /* {{{ Helper functions */
@@ -1366,7 +1372,7 @@ PHPAPI signed long php_parse_date(char *
        int           error2;
        signed long   retval;
 
-       parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB);
+       parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        if (error->error_count) {
                timelib_error_container_dtor(error);
                return -1;
@@ -1403,7 +1409,7 @@ PHP_FUNCTION(strtotime)
 
                initial_ts = emalloc(25);
                snprintf(initial_ts, 24, "@%ld UTC", preset_ts);
-               t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB); /* we ignore the error here, as this should never fail */
+               t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); /* we ignore the error here, as this should never fail */
                timelib_update_ts(t, tzi);
                now->tz_info = tzi;
                now->zone_type = TIMELIB_ZONETYPE_ID;
@@ -1425,7 +1431,7 @@ PHP_FUNCTION(strtotime)
                RETURN_FALSE;
        }
 
-       t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB);
+       t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        error1 = error->error_count;
        timelib_error_container_dtor(error);
        timelib_fill_holes(t, now, TIMELIB_NO_CLONE);
@@ -2378,9 +2384,9 @@ static int date_initialize(php_date_obj
                timelib_time_dtor(dateobj->time);
        }
        if (format) {
-               dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB);
+               dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        } else {
-               dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB);
+               dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        }
 
        /* update last errors and warnings */
@@ -2714,7 +2720,7 @@ PHP_FUNCTION(date_parse)
                RETURN_FALSE;
        }
 
-       parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB);
+       parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error);
 }
 /* }}} */
@@ -2733,7 +2739,7 @@ PHP_FUNCTION(date_parse_from_format)
                RETURN_FALSE;
        }
 
-       parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB);
+       parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error);
 }
 /* }}} */
@@ -2775,7 +2781,7 @@ PHP_FUNCTION(date_modify)
        dateobj = (php_date_obj *) zend_object_store_get_object(object TSRMLS_CC);
        DATE_CHECK_INITIALIZED(dateobj->time, DateTime);
 
-       tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB);
+       tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
 
        /* update last errors and warnings */
        update_errors_warnings(err TSRMLS_CC);
@@ -3571,7 +3577,7 @@ PHP_FUNCTION(date_interval_create_from_d
 
        date_instantiate(date_ce_interval, return_value TSRMLS_CC);
 
-       time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB);
+       time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        diobj = (php_interval_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
        diobj->diff = timelib_rel_time_clone(&time->relative);
        diobj->initialized = 1;
--- php-5.3.3/ext/date/tests/bug53502.phpt.cve0789
+++ php-5.3.3/ext/date/tests/bug53502.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #53502 (strtotime with timezone memory leak)
+--INI--
+date.timezone=UTC
+--FILE--
+<?php
+for ($i = 0; $i < 1000; $i++) {
+    strtotime('Monday 00:00 Europe/Paris');    // Memory leak
+}
+echo "Nothing, test only makes sense through valgrind.\n";
+?>
+--EXPECT--
+Nothing, test only makes sense through valgrind.
1	slords	1.1.2.1
2			https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0789
3
4			http://git.php.net/?p=php-src.git;a=commitdiff;h=5b2ce47f2e98e672873f6da0f41fff120af1e57e
5			- with unrelated changes reverted
6
7			--- php-5.3.3/ext/date/lib/parse_date.c.cve0789
8			+++ php-5.3.3/ext/date/lib/parse_date.c
9			@@ -756,7 +756,7 @@ static long timelib_lookup_zone(char **p
10			return value;
11			}
12
13			-static long timelib_get_zone(char *ptr, int dst, timelib_time t, int tz_not_found, const timelib_tzdb *tzdb)
14			+static long timelib_get_zone(char *ptr, int dst, timelib_time t, int tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper)
15			{
16			timelib_tzinfo *res;
17			long retval = 0;
18			@@ -805,7 +805,7 @@ static long timelib_get_zone(char **ptr,
19			#endif
20			/* If we have a TimeZone identifier to start with, use it */
21			if (strstr(tz_abbr, "/") \|\| strcmp(tz_abbr, "UTC") == 0) {
22			- if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) {
23			+ if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) {
24			t->tz_info = res;
25			t->zone_type = TIMELIB_ZONETYPE_ID;
26			found++;
27			@@ -834,7 +834,7 @@ static long timelib_get_zone(char **ptr,
28			} \
29			}
30
31			-static int scan(Scanner *s)
32			+static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
33			{
34			uchar *cursor = s->cur;
35			char str, ptr = NULL;
36			@@ -1006,7 +1006,7 @@ yy4:
37			DEBUG_OUTPUT("tzcorrection \| tz");
38			TIMELIB_INIT;
39			TIMELIB_HAVE_TZ();
40			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
41			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
42			if (tz_not_found) {
43			add_error(s, "The timezone could not be found in the database");
44			}
45			@@ -4451,7 +4451,7 @@ yy223:
46			}
47
48			if (*ptr != '\0') {
49			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
50			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
51			if (tz_not_found) {
52			add_error(s, "The timezone could not be found in the database");
53			}
54			@@ -9763,7 +9763,7 @@ yy491:
55			}
56
57			if (*ptr != '\0') {
58			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
59			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
60			if (tz_not_found) {
61			add_error(s, "The timezone could not be found in the database");
62			}
63			@@ -12020,7 +12020,7 @@ yy701:
64			s->time->h = timelib_get_nr((char **) &ptr, 2);
65			s->time->i = timelib_get_nr((char **) &ptr, 2);
66			s->time->s = timelib_get_nr((char **) &ptr, 2);
67			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
68			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
69			if (tz_not_found) {
70			add_error(s, "The timezone could not be found in the database");
71			}
72			@@ -13391,7 +13391,7 @@ yy843:
73			if (*ptr == '.') {
74			s->time->f = timelib_get_frac_nr((char **) &ptr, 9);
75			if (ptr) { / timezone is optional */
76			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
77			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
78			if (tz_not_found) {
79			add_error(s, "The timezone could not be found in the database");
80			}
81			@@ -15731,7 +15731,7 @@ yy1076:
82			s->time->s = timelib_get_nr((char **) &ptr, 2);
83
84			if (*ptr != '\0') {
85			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
86			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
87			if (tz_not_found) {
88			add_error(s, "The timezone could not be found in the database");
89			}
90			@@ -24632,7 +24632,7 @@ yy1537:
91
92			#define YYMAXFILL 31
93
94			-timelib_time* timelib_strtotime(char s, int len, struct timelib_error_container errors, const timelib_tzdb tzdb)
95			+timelib_time* timelib_strtotime(char s, int len, struct timelib_error_container errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper)
96			{
97			Scanner in;
98			int t;
99			@@ -24687,7 +24687,7 @@ timelib_time* timelib_strtotime(char *s,
100			in.time->zone_type = 0;
101
102			do {
103			- t = scan(&in);
104			+ t = scan(&in, tz_get_wrapper);
105			#ifdef DEBUG_PARSER
106			printf("%d\n", t);
107			#endif
108			@@ -24714,7 +24714,7 @@ timelib_time* timelib_strtotime(char *s,
109			}
110
111
112			-timelib_time timelib_parse_from_format(char format, char string, int len, timelib_error_container errors, const timelib_tzdb tzdb)
113			+timelib_time timelib_parse_from_format(char format, char string, int len, timelib_error_container errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper)
114			{
115			char *fptr = format;
116			char *ptr = string;
117			@@ -24880,7 +24880,7 @@ timelib_time *timelib_parse_from_format(
118			case 'O': /* timezone */
119			{
120			int tz_not_found;
121			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
122			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
123			if (tz_not_found) {
124			add_pbf_error(s, "The timezone could not be found in the database", string, begin);
125			}
126			--- php-5.3.3/ext/date/lib/parse_date.re.cve0789
127			+++ php-5.3.3/ext/date/lib/parse_date.re
128			@@ -755,7 +755,7 @@ static long timelib_lookup_zone(char **p
129			return value;
130			}
131
132			-static long timelib_get_zone(char *ptr, int dst, timelib_time t, int tz_not_found, const timelib_tzdb *tzdb)
133			+static long timelib_get_zone(char *ptr, int dst, timelib_time t, int tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper)
134			{
135			timelib_tzinfo *res;
136			long retval = 0;
137			@@ -804,7 +804,7 @@ static long timelib_get_zone(char **ptr,
138			#endif
139			/* If we have a TimeZone identifier to start with, use it */
140			if (strstr(tz_abbr, "/") \|\| strcmp(tz_abbr, "UTC") == 0) {
141			- if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) {
142			+ if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) {
143			t->tz_info = res;
144			t->zone_type = TIMELIB_ZONETYPE_ID;
145			found++;
146			@@ -833,7 +833,7 @@ static long timelib_get_zone(char **ptr,
147			} \
148			}
149
150			-static int scan(Scanner *s)
151			+static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
152			{
153			uchar *cursor = s->cur;
154			char str, ptr = NULL;
155			@@ -1166,7 +1166,7 @@ weekdayof = (reltextnumber\|reltex
156			}
157
158			if (*ptr != '\0') {
159			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
160			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
161			if (tz_not_found) {
162			add_error(s, "The timezone could not be found in the database");
163			}
164			@@ -1207,7 +1207,7 @@ weekdayof = (reltextnumber\|reltex
165			s->time->h = timelib_get_nr((char **) &ptr, 2);
166			s->time->i = timelib_get_nr((char **) &ptr, 2);
167			s->time->s = 0;
168			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb);
169			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb, tz_get_wrapper);
170			break;
171			case 1:
172			s->time->y = timelib_get_nr((char **) &ptr, 4);
173			@@ -1232,7 +1232,7 @@ weekdayof = (reltextnumber\|reltex
174			s->time->s = timelib_get_nr((char **) &ptr, 2);
175
176			if (*ptr != '\0') {
177			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
178			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
179			if (tz_not_found) {
180			add_error(s, "The timezone could not be found in the database");
181			}
182			@@ -1425,7 +1425,7 @@ weekdayof = (reltextnumber\|reltex
183			if (*ptr == '.') {
184			s->time->f = timelib_get_frac_nr((char **) &ptr, 9);
185			if (ptr) { / timezone is optional */
186			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
187			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
188			if (tz_not_found) {
189			add_error(s, "The timezone could not be found in the database");
190			}
191			@@ -1525,7 +1525,7 @@ weekdayof = (reltextnumber\|reltex
192			s->time->h = timelib_get_nr((char **) &ptr, 2);
193			s->time->i = timelib_get_nr((char **) &ptr, 2);
194			s->time->s = timelib_get_nr((char **) &ptr, 2);
195			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
196			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
197			if (tz_not_found) {
198			add_error(s, "The timezone could not be found in the database");
199			}
200			@@ -1638,7 +1638,7 @@ weekdayof = (reltextnumber\|reltex
201			DEBUG_OUTPUT("tzcorrection \| tz");
202			TIMELIB_INIT;
203			TIMELIB_HAVE_TZ();
204			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
205			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
206			if (tz_not_found) {
207			add_error(s, "The timezone could not be found in the database");
208			}
209			@@ -1691,7 +1691,7 @@ weekdayof = (reltextnumber\|reltex
210			}
211
212			if (*ptr != '\0') {
213			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
214			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
215			if (tz_not_found) {
216			add_error(s, "The timezone could not be found in the database");
217			}
218			@@ -1737,7 +1737,7 @@ weekdayof = (reltextnumber\|reltex
219
220			/!max:re2c /
221
222			-timelib_time* timelib_strtotime(char s, int len, struct timelib_error_container errors, const timelib_tzdb tzdb)
223			+timelib_time* timelib_strtotime(char s, int len, struct timelib_error_container errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper)
224			{
225			Scanner in;
226			int t;
227			@@ -1792,7 +1792,7 @@ timelib_time* timelib_strtotime(char *s,
228			in.time->zone_type = 0;
229
230			do {
231			- t = scan(&in);
232			+ t = scan(&in, tz_get_wrapper);
233			#ifdef DEBUG_PARSER
234			printf("%d\n", t);
235			#endif
236			@@ -1819,7 +1819,7 @@ timelib_time* timelib_strtotime(char *s,
237			}
238
239
240			-timelib_time timelib_parse_from_format(char format, char string, int len, timelib_error_container errors, const timelib_tzdb tzdb)
241			+timelib_time timelib_parse_from_format(char format, char string, int len, timelib_error_container errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper)
242			{
243			char *fptr = format;
244			char *ptr = string;
245			@@ -1985,7 +1985,7 @@ timelib_time *timelib_parse_from_format(
246			case 'O': /* timezone */
247			{
248			int tz_not_found;
249			- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
250			+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
251			if (tz_not_found) {
252			add_pbf_error(s, "The timezone could not be found in the database", string, begin);
253			}
254			--- php-5.3.3/ext/date/lib/timelib.h.cve0789
255			+++ php-5.3.3/ext/date/lib/timelib.h
256			@@ -50,6 +50,9 @@
257			#define strncasecmp strnicmp
258			#endif
259
260			+/* Function pointers */
261			+typedef timelib_tzinfo* (timelib_tz_get_wrapper)(char tzname, const timelib_tzdb *tzdb);
262			+
263			/* From dow.c */
264			timelib_sll timelib_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d);
265			timelib_sll timelib_iso_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d);
266			@@ -61,8 +64,8 @@ int timelib_valid_time(timelib_sll h, ti
267			int timelib_valid_date(timelib_sll y, timelib_sll m, timelib_sll d);
268
269			/* From parse_date.re */
270			-timelib_time timelib_strtotime(char s, int len, timelib_error_container *errors, const timelib_tzdb tzdb);
271			-timelib_time timelib_parse_from_format(char format, char s, int len, timelib_error_container errors, const timelib_tzdb tzdb);
272			+timelib_time timelib_strtotime(char s, int len, timelib_error_container *errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper);
273			+timelib_time timelib_parse_from_format(char format, char s, int len, timelib_error_container errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper);
274			void timelib_fill_holes(timelib_time parsed, timelib_time now, int options);
275			char timelib_timezone_id_from_abbr(const char abbr, long gmtoffset, int isdst);
276			const timelib_tz_lookup_table *timelib_timezone_abbreviations_list(void);
277			--- php-5.3.3/ext/date/php_date.c.cve0789
278			+++ php-5.3.3/ext/date/php_date.c
279			@@ -833,6 +833,12 @@ static timelib_tzinfo *php_date_parse_tz
280			}
281			return tzi;
282			}
283			+
284			+timelib_tzinfo php_date_parse_tzfile_wrapper(char formal_tzname, const timelib_tzdb *tzdb)
285			+{
286			+ TSRMLS_FETCH();
287			+ return php_date_parse_tzfile(formal_tzname, tzdb TSRMLS_CC);
288			+}
289			/* }}} */
290
291			/* {{{ Helper functions */
292			@@ -1366,7 +1372,7 @@ PHPAPI signed long php_parse_date(char *
293			int error2;
294			signed long retval;
295
296			- parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB);
297			+ parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
298			if (error->error_count) {
299			timelib_error_container_dtor(error);
300			return -1;
301			@@ -1403,7 +1409,7 @@ PHP_FUNCTION(strtotime)
302
303			initial_ts = emalloc(25);
304			snprintf(initial_ts, 24, "@%ld UTC", preset_ts);
305			- t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB); /* we ignore the error here, as this should never fail */
306			+ t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); /* we ignore the error here, as this should never fail */
307			timelib_update_ts(t, tzi);
308			now->tz_info = tzi;
309			now->zone_type = TIMELIB_ZONETYPE_ID;
310			@@ -1425,7 +1431,7 @@ PHP_FUNCTION(strtotime)
311			RETURN_FALSE;
312			}
313
314			- t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB);
315			+ t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
316			error1 = error->error_count;
317			timelib_error_container_dtor(error);
318			timelib_fill_holes(t, now, TIMELIB_NO_CLONE);
319			@@ -2378,9 +2384,9 @@ static int date_initialize(php_date_obj
320			timelib_time_dtor(dateobj->time);
321			}
322			if (format) {
323			- dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB);
324			+ dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
325			} else {
326			- dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB);
327			+ dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
328			}
329
330			/* update last errors and warnings */
331			@@ -2714,7 +2720,7 @@ PHP_FUNCTION(date_parse)
332			RETURN_FALSE;
333			}
334
335			- parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB);
336			+ parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
337			php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error);
338			}
339			/* }}} */
340			@@ -2733,7 +2739,7 @@ PHP_FUNCTION(date_parse_from_format)
341			RETURN_FALSE;
342			}
343
344			- parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB);
345			+ parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
346			php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error);
347			}
348			/* }}} */
349			@@ -2775,7 +2781,7 @@ PHP_FUNCTION(date_modify)
350			dateobj = (php_date_obj *) zend_object_store_get_object(object TSRMLS_CC);
351			DATE_CHECK_INITIALIZED(dateobj->time, DateTime);
352
353			- tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB);
354			+ tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
355
356			/* update last errors and warnings */
357			update_errors_warnings(err TSRMLS_CC);
358			@@ -3571,7 +3577,7 @@ PHP_FUNCTION(date_interval_create_from_d
359
360			date_instantiate(date_ce_interval, return_value TSRMLS_CC);
361
362			- time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB);
363			+ time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
364			diobj = (php_interval_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
365			diobj->diff = timelib_rel_time_clone(&time->relative);
366			diobj->initialized = 1;
367			--- php-5.3.3/ext/date/tests/bug53502.phpt.cve0789
368			+++ php-5.3.3/ext/date/tests/bug53502.phpt
369			@@ -0,0 +1,13 @@
370			+--TEST--
371			+Bug #53502 (strtotime with timezone memory leak)
372			+--INI--
373			+date.timezone=UTC
374			+--FILE--
375			+<?php
376			+for ($i = 0; $i < 1000; $i++) {
377			+ strtotime('Monday 00:00 Europe/Paris'); // Memory leak
378			+}
379			+echo "Nothing, test only makes sense through valgrind.\n";
380			+?>
381			+--EXPECT--
382			+Nothing, test only makes sense through valgrind.