1 |
slords |
1.1.2.1 |
|
2 |
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0789 |
3 |
|
|
|
4 |
|
|
http://git.php.net/?p=php-src.git;a=commitdiff;h=5b2ce47f2e98e672873f6da0f41fff120af1e57e |
5 |
|
|
- with unrelated changes reverted |
6 |
|
|
|
7 |
|
|
--- php-5.3.3/ext/date/lib/parse_date.c.cve0789 |
8 |
|
|
+++ php-5.3.3/ext/date/lib/parse_date.c |
9 |
|
|
@@ -756,7 +756,7 @@ static long timelib_lookup_zone(char **p |
10 |
|
|
return value; |
11 |
|
|
} |
12 |
|
|
|
13 |
|
|
-static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb) |
14 |
|
|
+static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper) |
15 |
|
|
{ |
16 |
|
|
timelib_tzinfo *res; |
17 |
|
|
long retval = 0; |
18 |
|
|
@@ -805,7 +805,7 @@ static long timelib_get_zone(char **ptr, |
19 |
|
|
#endif |
20 |
|
|
/* If we have a TimeZone identifier to start with, use it */ |
21 |
|
|
if (strstr(tz_abbr, "/") || strcmp(tz_abbr, "UTC") == 0) { |
22 |
|
|
- if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) { |
23 |
|
|
+ if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) { |
24 |
|
|
t->tz_info = res; |
25 |
|
|
t->zone_type = TIMELIB_ZONETYPE_ID; |
26 |
|
|
found++; |
27 |
|
|
@@ -834,7 +834,7 @@ static long timelib_get_zone(char **ptr, |
28 |
|
|
} \ |
29 |
|
|
} |
30 |
|
|
|
31 |
|
|
-static int scan(Scanner *s) |
32 |
|
|
+static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper) |
33 |
|
|
{ |
34 |
|
|
uchar *cursor = s->cur; |
35 |
|
|
char *str, *ptr = NULL; |
36 |
|
|
@@ -1006,7 +1006,7 @@ yy4: |
37 |
|
|
DEBUG_OUTPUT("tzcorrection | tz"); |
38 |
|
|
TIMELIB_INIT; |
39 |
|
|
TIMELIB_HAVE_TZ(); |
40 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
41 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
42 |
|
|
if (tz_not_found) { |
43 |
|
|
add_error(s, "The timezone could not be found in the database"); |
44 |
|
|
} |
45 |
|
|
@@ -4451,7 +4451,7 @@ yy223: |
46 |
|
|
} |
47 |
|
|
|
48 |
|
|
if (*ptr != '\0') { |
49 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
50 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
51 |
|
|
if (tz_not_found) { |
52 |
|
|
add_error(s, "The timezone could not be found in the database"); |
53 |
|
|
} |
54 |
|
|
@@ -9763,7 +9763,7 @@ yy491: |
55 |
|
|
} |
56 |
|
|
|
57 |
|
|
if (*ptr != '\0') { |
58 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
59 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
60 |
|
|
if (tz_not_found) { |
61 |
|
|
add_error(s, "The timezone could not be found in the database"); |
62 |
|
|
} |
63 |
|
|
@@ -12020,7 +12020,7 @@ yy701: |
64 |
|
|
s->time->h = timelib_get_nr((char **) &ptr, 2); |
65 |
|
|
s->time->i = timelib_get_nr((char **) &ptr, 2); |
66 |
|
|
s->time->s = timelib_get_nr((char **) &ptr, 2); |
67 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
68 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
69 |
|
|
if (tz_not_found) { |
70 |
|
|
add_error(s, "The timezone could not be found in the database"); |
71 |
|
|
} |
72 |
|
|
@@ -13391,7 +13391,7 @@ yy843: |
73 |
|
|
if (*ptr == '.') { |
74 |
|
|
s->time->f = timelib_get_frac_nr((char **) &ptr, 9); |
75 |
|
|
if (*ptr) { /* timezone is optional */ |
76 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
77 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
78 |
|
|
if (tz_not_found) { |
79 |
|
|
add_error(s, "The timezone could not be found in the database"); |
80 |
|
|
} |
81 |
|
|
@@ -15731,7 +15731,7 @@ yy1076: |
82 |
|
|
s->time->s = timelib_get_nr((char **) &ptr, 2); |
83 |
|
|
|
84 |
|
|
if (*ptr != '\0') { |
85 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
86 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
87 |
|
|
if (tz_not_found) { |
88 |
|
|
add_error(s, "The timezone could not be found in the database"); |
89 |
|
|
} |
90 |
|
|
@@ -24632,7 +24632,7 @@ yy1537: |
91 |
|
|
|
92 |
|
|
#define YYMAXFILL 31 |
93 |
|
|
|
94 |
|
|
-timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb) |
95 |
|
|
+timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper) |
96 |
|
|
{ |
97 |
|
|
Scanner in; |
98 |
|
|
int t; |
99 |
|
|
@@ -24687,7 +24687,7 @@ timelib_time* timelib_strtotime(char *s, |
100 |
|
|
in.time->zone_type = 0; |
101 |
|
|
|
102 |
|
|
do { |
103 |
|
|
- t = scan(&in); |
104 |
|
|
+ t = scan(&in, tz_get_wrapper); |
105 |
|
|
#ifdef DEBUG_PARSER |
106 |
|
|
printf("%d\n", t); |
107 |
|
|
#endif |
108 |
|
|
@@ -24714,7 +24714,7 @@ timelib_time* timelib_strtotime(char *s, |
109 |
|
|
} |
110 |
|
|
|
111 |
|
|
|
112 |
|
|
-timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb) |
113 |
|
|
+timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper) |
114 |
|
|
{ |
115 |
|
|
char *fptr = format; |
116 |
|
|
char *ptr = string; |
117 |
|
|
@@ -24880,7 +24880,7 @@ timelib_time *timelib_parse_from_format( |
118 |
|
|
case 'O': /* timezone */ |
119 |
|
|
{ |
120 |
|
|
int tz_not_found; |
121 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
122 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
123 |
|
|
if (tz_not_found) { |
124 |
|
|
add_pbf_error(s, "The timezone could not be found in the database", string, begin); |
125 |
|
|
} |
126 |
|
|
--- php-5.3.3/ext/date/lib/parse_date.re.cve0789 |
127 |
|
|
+++ php-5.3.3/ext/date/lib/parse_date.re |
128 |
|
|
@@ -755,7 +755,7 @@ static long timelib_lookup_zone(char **p |
129 |
|
|
return value; |
130 |
|
|
} |
131 |
|
|
|
132 |
|
|
-static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb) |
133 |
|
|
+static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper) |
134 |
|
|
{ |
135 |
|
|
timelib_tzinfo *res; |
136 |
|
|
long retval = 0; |
137 |
|
|
@@ -804,7 +804,7 @@ static long timelib_get_zone(char **ptr, |
138 |
|
|
#endif |
139 |
|
|
/* If we have a TimeZone identifier to start with, use it */ |
140 |
|
|
if (strstr(tz_abbr, "/") || strcmp(tz_abbr, "UTC") == 0) { |
141 |
|
|
- if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) { |
142 |
|
|
+ if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) { |
143 |
|
|
t->tz_info = res; |
144 |
|
|
t->zone_type = TIMELIB_ZONETYPE_ID; |
145 |
|
|
found++; |
146 |
|
|
@@ -833,7 +833,7 @@ static long timelib_get_zone(char **ptr, |
147 |
|
|
} \ |
148 |
|
|
} |
149 |
|
|
|
150 |
|
|
-static int scan(Scanner *s) |
151 |
|
|
+static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper) |
152 |
|
|
{ |
153 |
|
|
uchar *cursor = s->cur; |
154 |
|
|
char *str, *ptr = NULL; |
155 |
|
|
@@ -1166,7 +1166,7 @@ weekdayof = (reltextnumber|reltex |
156 |
|
|
} |
157 |
|
|
|
158 |
|
|
if (*ptr != '\0') { |
159 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
160 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
161 |
|
|
if (tz_not_found) { |
162 |
|
|
add_error(s, "The timezone could not be found in the database"); |
163 |
|
|
} |
164 |
|
|
@@ -1207,7 +1207,7 @@ weekdayof = (reltextnumber|reltex |
165 |
|
|
s->time->h = timelib_get_nr((char **) &ptr, 2); |
166 |
|
|
s->time->i = timelib_get_nr((char **) &ptr, 2); |
167 |
|
|
s->time->s = 0; |
168 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb); |
169 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb, tz_get_wrapper); |
170 |
|
|
break; |
171 |
|
|
case 1: |
172 |
|
|
s->time->y = timelib_get_nr((char **) &ptr, 4); |
173 |
|
|
@@ -1232,7 +1232,7 @@ weekdayof = (reltextnumber|reltex |
174 |
|
|
s->time->s = timelib_get_nr((char **) &ptr, 2); |
175 |
|
|
|
176 |
|
|
if (*ptr != '\0') { |
177 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
178 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
179 |
|
|
if (tz_not_found) { |
180 |
|
|
add_error(s, "The timezone could not be found in the database"); |
181 |
|
|
} |
182 |
|
|
@@ -1425,7 +1425,7 @@ weekdayof = (reltextnumber|reltex |
183 |
|
|
if (*ptr == '.') { |
184 |
|
|
s->time->f = timelib_get_frac_nr((char **) &ptr, 9); |
185 |
|
|
if (*ptr) { /* timezone is optional */ |
186 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
187 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
188 |
|
|
if (tz_not_found) { |
189 |
|
|
add_error(s, "The timezone could not be found in the database"); |
190 |
|
|
} |
191 |
|
|
@@ -1525,7 +1525,7 @@ weekdayof = (reltextnumber|reltex |
192 |
|
|
s->time->h = timelib_get_nr((char **) &ptr, 2); |
193 |
|
|
s->time->i = timelib_get_nr((char **) &ptr, 2); |
194 |
|
|
s->time->s = timelib_get_nr((char **) &ptr, 2); |
195 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
196 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
197 |
|
|
if (tz_not_found) { |
198 |
|
|
add_error(s, "The timezone could not be found in the database"); |
199 |
|
|
} |
200 |
|
|
@@ -1638,7 +1638,7 @@ weekdayof = (reltextnumber|reltex |
201 |
|
|
DEBUG_OUTPUT("tzcorrection | tz"); |
202 |
|
|
TIMELIB_INIT; |
203 |
|
|
TIMELIB_HAVE_TZ(); |
204 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
205 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
206 |
|
|
if (tz_not_found) { |
207 |
|
|
add_error(s, "The timezone could not be found in the database"); |
208 |
|
|
} |
209 |
|
|
@@ -1691,7 +1691,7 @@ weekdayof = (reltextnumber|reltex |
210 |
|
|
} |
211 |
|
|
|
212 |
|
|
if (*ptr != '\0') { |
213 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
214 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
215 |
|
|
if (tz_not_found) { |
216 |
|
|
add_error(s, "The timezone could not be found in the database"); |
217 |
|
|
} |
218 |
|
|
@@ -1737,7 +1737,7 @@ weekdayof = (reltextnumber|reltex |
219 |
|
|
|
220 |
|
|
/*!max:re2c */ |
221 |
|
|
|
222 |
|
|
-timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb) |
223 |
|
|
+timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper) |
224 |
|
|
{ |
225 |
|
|
Scanner in; |
226 |
|
|
int t; |
227 |
|
|
@@ -1792,7 +1792,7 @@ timelib_time* timelib_strtotime(char *s, |
228 |
|
|
in.time->zone_type = 0; |
229 |
|
|
|
230 |
|
|
do { |
231 |
|
|
- t = scan(&in); |
232 |
|
|
+ t = scan(&in, tz_get_wrapper); |
233 |
|
|
#ifdef DEBUG_PARSER |
234 |
|
|
printf("%d\n", t); |
235 |
|
|
#endif |
236 |
|
|
@@ -1819,7 +1819,7 @@ timelib_time* timelib_strtotime(char *s, |
237 |
|
|
} |
238 |
|
|
|
239 |
|
|
|
240 |
|
|
-timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb) |
241 |
|
|
+timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper) |
242 |
|
|
{ |
243 |
|
|
char *fptr = format; |
244 |
|
|
char *ptr = string; |
245 |
|
|
@@ -1985,7 +1985,7 @@ timelib_time *timelib_parse_from_format( |
246 |
|
|
case 'O': /* timezone */ |
247 |
|
|
{ |
248 |
|
|
int tz_not_found; |
249 |
|
|
- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb); |
250 |
|
|
+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper); |
251 |
|
|
if (tz_not_found) { |
252 |
|
|
add_pbf_error(s, "The timezone could not be found in the database", string, begin); |
253 |
|
|
} |
254 |
|
|
--- php-5.3.3/ext/date/lib/timelib.h.cve0789 |
255 |
|
|
+++ php-5.3.3/ext/date/lib/timelib.h |
256 |
|
|
@@ -50,6 +50,9 @@ |
257 |
|
|
#define strncasecmp strnicmp |
258 |
|
|
#endif |
259 |
|
|
|
260 |
|
|
+/* Function pointers */ |
261 |
|
|
+typedef timelib_tzinfo* (*timelib_tz_get_wrapper)(char *tzname, const timelib_tzdb *tzdb); |
262 |
|
|
+ |
263 |
|
|
/* From dow.c */ |
264 |
|
|
timelib_sll timelib_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d); |
265 |
|
|
timelib_sll timelib_iso_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d); |
266 |
|
|
@@ -61,8 +64,8 @@ int timelib_valid_time(timelib_sll h, ti |
267 |
|
|
int timelib_valid_date(timelib_sll y, timelib_sll m, timelib_sll d); |
268 |
|
|
|
269 |
|
|
/* From parse_date.re */ |
270 |
|
|
-timelib_time *timelib_strtotime(char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb); |
271 |
|
|
-timelib_time *timelib_parse_from_format(char *format, char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb); |
272 |
|
|
+timelib_time *timelib_strtotime(char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper); |
273 |
|
|
+timelib_time *timelib_parse_from_format(char *format, char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper); |
274 |
|
|
void timelib_fill_holes(timelib_time *parsed, timelib_time *now, int options); |
275 |
|
|
char *timelib_timezone_id_from_abbr(const char *abbr, long gmtoffset, int isdst); |
276 |
|
|
const timelib_tz_lookup_table *timelib_timezone_abbreviations_list(void); |
277 |
|
|
--- php-5.3.3/ext/date/php_date.c.cve0789 |
278 |
|
|
+++ php-5.3.3/ext/date/php_date.c |
279 |
|
|
@@ -833,6 +833,12 @@ static timelib_tzinfo *php_date_parse_tz |
280 |
|
|
} |
281 |
|
|
return tzi; |
282 |
|
|
} |
283 |
|
|
+ |
284 |
|
|
+timelib_tzinfo *php_date_parse_tzfile_wrapper(char *formal_tzname, const timelib_tzdb *tzdb) |
285 |
|
|
+{ |
286 |
|
|
+ TSRMLS_FETCH(); |
287 |
|
|
+ return php_date_parse_tzfile(formal_tzname, tzdb TSRMLS_CC); |
288 |
|
|
+} |
289 |
|
|
/* }}} */ |
290 |
|
|
|
291 |
|
|
/* {{{ Helper functions */ |
292 |
|
|
@@ -1366,7 +1372,7 @@ PHPAPI signed long php_parse_date(char * |
293 |
|
|
int error2; |
294 |
|
|
signed long retval; |
295 |
|
|
|
296 |
|
|
- parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB); |
297 |
|
|
+ parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); |
298 |
|
|
if (error->error_count) { |
299 |
|
|
timelib_error_container_dtor(error); |
300 |
|
|
return -1; |
301 |
|
|
@@ -1403,7 +1409,7 @@ PHP_FUNCTION(strtotime) |
302 |
|
|
|
303 |
|
|
initial_ts = emalloc(25); |
304 |
|
|
snprintf(initial_ts, 24, "@%ld UTC", preset_ts); |
305 |
|
|
- t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB); /* we ignore the error here, as this should never fail */ |
306 |
|
|
+ t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); /* we ignore the error here, as this should never fail */ |
307 |
|
|
timelib_update_ts(t, tzi); |
308 |
|
|
now->tz_info = tzi; |
309 |
|
|
now->zone_type = TIMELIB_ZONETYPE_ID; |
310 |
|
|
@@ -1425,7 +1431,7 @@ PHP_FUNCTION(strtotime) |
311 |
|
|
RETURN_FALSE; |
312 |
|
|
} |
313 |
|
|
|
314 |
|
|
- t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB); |
315 |
|
|
+ t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); |
316 |
|
|
error1 = error->error_count; |
317 |
|
|
timelib_error_container_dtor(error); |
318 |
|
|
timelib_fill_holes(t, now, TIMELIB_NO_CLONE); |
319 |
|
|
@@ -2378,9 +2384,9 @@ static int date_initialize(php_date_obj |
320 |
|
|
timelib_time_dtor(dateobj->time); |
321 |
|
|
} |
322 |
|
|
if (format) { |
323 |
|
|
- dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB); |
324 |
|
|
+ dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); |
325 |
|
|
} else { |
326 |
|
|
- dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB); |
327 |
|
|
+ dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); |
328 |
|
|
} |
329 |
|
|
|
330 |
|
|
/* update last errors and warnings */ |
331 |
|
|
@@ -2714,7 +2720,7 @@ PHP_FUNCTION(date_parse) |
332 |
|
|
RETURN_FALSE; |
333 |
|
|
} |
334 |
|
|
|
335 |
|
|
- parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB); |
336 |
|
|
+ parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); |
337 |
|
|
php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error); |
338 |
|
|
} |
339 |
|
|
/* }}} */ |
340 |
|
|
@@ -2733,7 +2739,7 @@ PHP_FUNCTION(date_parse_from_format) |
341 |
|
|
RETURN_FALSE; |
342 |
|
|
} |
343 |
|
|
|
344 |
|
|
- parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB); |
345 |
|
|
+ parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); |
346 |
|
|
php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error); |
347 |
|
|
} |
348 |
|
|
/* }}} */ |
349 |
|
|
@@ -2775,7 +2781,7 @@ PHP_FUNCTION(date_modify) |
350 |
|
|
dateobj = (php_date_obj *) zend_object_store_get_object(object TSRMLS_CC); |
351 |
|
|
DATE_CHECK_INITIALIZED(dateobj->time, DateTime); |
352 |
|
|
|
353 |
|
|
- tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB); |
354 |
|
|
+ tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); |
355 |
|
|
|
356 |
|
|
/* update last errors and warnings */ |
357 |
|
|
update_errors_warnings(err TSRMLS_CC); |
358 |
|
|
@@ -3571,7 +3577,7 @@ PHP_FUNCTION(date_interval_create_from_d |
359 |
|
|
|
360 |
|
|
date_instantiate(date_ce_interval, return_value TSRMLS_CC); |
361 |
|
|
|
362 |
|
|
- time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB); |
363 |
|
|
+ time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); |
364 |
|
|
diobj = (php_interval_obj *) zend_object_store_get_object(return_value TSRMLS_CC); |
365 |
|
|
diobj->diff = timelib_rel_time_clone(&time->relative); |
366 |
|
|
diobj->initialized = 1; |
367 |
|
|
--- php-5.3.3/ext/date/tests/bug53502.phpt.cve0789 |
368 |
|
|
+++ php-5.3.3/ext/date/tests/bug53502.phpt |
369 |
|
|
@@ -0,0 +1,13 @@ |
370 |
|
|
+--TEST-- |
371 |
|
|
+Bug #53502 (strtotime with timezone memory leak) |
372 |
|
|
+--INI-- |
373 |
|
|
+date.timezone=UTC |
374 |
|
|
+--FILE-- |
375 |
|
|
+<?php |
376 |
|
|
+for ($i = 0; $i < 1000; $i++) { |
377 |
|
|
+ strtotime('Monday 00:00 Europe/Paris'); // Memory leak |
378 |
|
|
+} |
379 |
|
|
+echo "Nothing, test only makes sense through valgrind.\n"; |
380 |
|
|
+?> |
381 |
|
|
+--EXPECT-- |
382 |
|
|
+Nothing, test only makes sense through valgrind. |