
Diff of /rpms/php/sme8/php-5.3.3-CVE-2012-0789.patch


Revision 1.1 by slords, Fri Jun 29 14:45:08 2012 UTC Revision 1.2 by slords, Fri Jun 29 14:54:00 2012 UTC
# Line 0  Line 1 
1    
2    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0789
3    
4    http://git.php.net/?p=php-src.git;a=commitdiff;h=5b2ce47f2e98e672873f6da0f41fff120af1e57e
5     - with unrelated changes reverted
6    
7    --- php-5.3.3/ext/date/lib/parse_date.c.cve0789
8    +++ php-5.3.3/ext/date/lib/parse_date.c
9    @@ -756,7 +756,7 @@ static long timelib_lookup_zone(char **p
10            return value;
11     }
12    
13    -static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb)
14    +static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper)
15     {
16            timelib_tzinfo *res;
17            long            retval = 0;
18    @@ -805,7 +805,7 @@ static long timelib_get_zone(char **ptr,
19     #endif
20                    /* If we have a TimeZone identifier to start with, use it */
21                    if (strstr(tz_abbr, "/") || strcmp(tz_abbr, "UTC") == 0) {
22    -                       if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) {
23    +                       if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) {
24                                    t->tz_info = res;
25                                    t->zone_type = TIMELIB_ZONETYPE_ID;
26                                    found++;
27    @@ -834,7 +834,7 @@ static long timelib_get_zone(char **ptr,
28            }                              \
29     }
30    
31    -static int scan(Scanner *s)
32    +static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
33     {
34            uchar *cursor = s->cur;
35            char *str, *ptr = NULL;
36    @@ -1006,7 +1006,7 @@ yy4:
37                    DEBUG_OUTPUT("tzcorrection | tz");
38                    TIMELIB_INIT;
39                    TIMELIB_HAVE_TZ();
40    -               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
41    +               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
42                    if (tz_not_found) {
43                            add_error(s, "The timezone could not be found in the database");
44                    }
45    @@ -4451,7 +4451,7 @@ yy223:
46                    }
47    
48                    if (*ptr != '\0') {
49    -                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
50    +                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
51                            if (tz_not_found) {
52                                    add_error(s, "The timezone could not be found in the database");
53                            }
54    @@ -9763,7 +9763,7 @@ yy491:
55                    }
56    
57                    if (*ptr != '\0') {
58    -                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
59    +                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
60                            if (tz_not_found) {
61                                    add_error(s, "The timezone could not be found in the database");
62                            }
63    @@ -12020,7 +12020,7 @@ yy701:
64                    s->time->h = timelib_get_nr((char **) &ptr, 2);
65                    s->time->i = timelib_get_nr((char **) &ptr, 2);
66                    s->time->s = timelib_get_nr((char **) &ptr, 2);
67    -               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
68    +               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
69                    if (tz_not_found) {
70                            add_error(s, "The timezone could not be found in the database");
71                    }
72    @@ -13391,7 +13391,7 @@ yy843:
73                    if (*ptr == '.') {
74                            s->time->f = timelib_get_frac_nr((char **) &ptr, 9);
75                            if (*ptr) { /* timezone is optional */
76    -                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
77    +                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
78                                    if (tz_not_found) {
79                                            add_error(s, "The timezone could not be found in the database");
80                                    }
81    @@ -15731,7 +15731,7 @@ yy1076:
82                    s->time->s = timelib_get_nr((char **) &ptr, 2);
83    
84                    if (*ptr != '\0') {
85    -                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
86    +                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
87                            if (tz_not_found) {
88                                    add_error(s, "The timezone could not be found in the database");
89                            }
90    @@ -24632,7 +24632,7 @@ yy1537:
91    
92     #define YYMAXFILL 31
93    
94    -timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb)
95    +timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
96     {
97            Scanner in;
98            int t;
99    @@ -24687,7 +24687,7 @@ timelib_time* timelib_strtotime(char *s,
100            in.time->zone_type = 0;
101    
102            do {
103    -               t = scan(&in);
104    +               t = scan(&in, tz_get_wrapper);
105     #ifdef DEBUG_PARSER
106                    printf("%d\n", t);
107     #endif
108    @@ -24714,7 +24714,7 @@ timelib_time* timelib_strtotime(char *s,
109                    }
110    
111    
112    -timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb)
113    +timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
114     {
115            char       *fptr = format;
116            char       *ptr = string;
117    @@ -24880,7 +24880,7 @@ timelib_time *timelib_parse_from_format(
118                            case 'O': /* timezone */
119                                    {
120                                            int tz_not_found;
121    -                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
122    +                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
123                                            if (tz_not_found) {
124                                                    add_pbf_error(s, "The timezone could not be found in the database", string, begin);
125                                            }
126    --- php-5.3.3/ext/date/lib/parse_date.re.cve0789
127    +++ php-5.3.3/ext/date/lib/parse_date.re
128    @@ -755,7 +755,7 @@ static long timelib_lookup_zone(char **p
129            return value;
130     }
131    
132    -static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb)
133    +static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper)
134     {
135            timelib_tzinfo *res;
136            long            retval = 0;
137    @@ -804,7 +804,7 @@ static long timelib_get_zone(char **ptr,
138     #endif
139                    /* If we have a TimeZone identifier to start with, use it */
140                    if (strstr(tz_abbr, "/") || strcmp(tz_abbr, "UTC") == 0) {
141    -                       if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) {
142    +                       if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) {
143                                    t->tz_info = res;
144                                    t->zone_type = TIMELIB_ZONETYPE_ID;
145                                    found++;
146    @@ -833,7 +833,7 @@ static long timelib_get_zone(char **ptr,
147            }                              \
148     }
149    
150    -static int scan(Scanner *s)
151    +static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
152     {
153            uchar *cursor = s->cur;
154            char *str, *ptr = NULL;
155    @@ -1166,7 +1166,7 @@ weekdayof        = (reltextnumber|reltex
156                    }
157    
158                    if (*ptr != '\0') {
159    -                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
160    +                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
161                            if (tz_not_found) {
162                                    add_error(s, "The timezone could not be found in the database");
163                            }
164    @@ -1207,7 +1207,7 @@ weekdayof        = (reltextnumber|reltex
165                                    s->time->h = timelib_get_nr((char **) &ptr, 2);
166                                    s->time->i = timelib_get_nr((char **) &ptr, 2);
167                                    s->time->s = 0;
168    -                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb);
169    +                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb, tz_get_wrapper);
170                                    break;
171                            case 1:
172                                    s->time->y = timelib_get_nr((char **) &ptr, 4);
173    @@ -1232,7 +1232,7 @@ weekdayof        = (reltextnumber|reltex
174                    s->time->s = timelib_get_nr((char **) &ptr, 2);
175    
176                    if (*ptr != '\0') {
177    -                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
178    +                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
179                            if (tz_not_found) {
180                                    add_error(s, "The timezone could not be found in the database");
181                            }
182    @@ -1425,7 +1425,7 @@ weekdayof        = (reltextnumber|reltex
183                    if (*ptr == '.') {
184                            s->time->f = timelib_get_frac_nr((char **) &ptr, 9);
185                            if (*ptr) { /* timezone is optional */
186    -                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
187    +                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
188                                    if (tz_not_found) {
189                                            add_error(s, "The timezone could not be found in the database");
190                                    }
191    @@ -1525,7 +1525,7 @@ weekdayof        = (reltextnumber|reltex
192                    s->time->h = timelib_get_nr((char **) &ptr, 2);
193                    s->time->i = timelib_get_nr((char **) &ptr, 2);
194                    s->time->s = timelib_get_nr((char **) &ptr, 2);
195    -               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
196    +               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
197                    if (tz_not_found) {
198                            add_error(s, "The timezone could not be found in the database");
199                    }
200    @@ -1638,7 +1638,7 @@ weekdayof        = (reltextnumber|reltex
201                    DEBUG_OUTPUT("tzcorrection | tz");
202                    TIMELIB_INIT;
203                    TIMELIB_HAVE_TZ();
204    -               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
205    +               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
206                    if (tz_not_found) {
207                            add_error(s, "The timezone could not be found in the database");
208                    }
209    @@ -1691,7 +1691,7 @@ weekdayof        = (reltextnumber|reltex
210                    }
211    
212                    if (*ptr != '\0') {
213    -                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
214    +                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
215                            if (tz_not_found) {
216                                    add_error(s, "The timezone could not be found in the database");
217                            }
218    @@ -1737,7 +1737,7 @@ weekdayof        = (reltextnumber|reltex
219    
220     /*!max:re2c */
221    
222    -timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb)
223    +timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
224     {
225            Scanner in;
226            int t;
227    @@ -1792,7 +1792,7 @@ timelib_time* timelib_strtotime(char *s,
228            in.time->zone_type = 0;
229    
230            do {
231    -               t = scan(&in);
232    +               t = scan(&in, tz_get_wrapper);
233     #ifdef DEBUG_PARSER
234                    printf("%d\n", t);
235     #endif
236    @@ -1819,7 +1819,7 @@ timelib_time* timelib_strtotime(char *s,
237                    }
238    
239    
240    -timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb)
241    +timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
242     {
243            char       *fptr = format;
244            char       *ptr = string;
245    @@ -1985,7 +1985,7 @@ timelib_time *timelib_parse_from_format(
246                            case 'O': /* timezone */
247                                    {
248                                            int tz_not_found;
249    -                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
250    +                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
251                                            if (tz_not_found) {
252                                                    add_pbf_error(s, "The timezone could not be found in the database", string, begin);
253                                            }
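Review bot: In the `@@ -1207` hunk of parse_date.re the updated call still has no `&tz_not_found` argument: `timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb, tz_get_wrapper)` passes five arguments to the six-parameter signature introduced at the top of this file, so `s->tzdb` lands in the `int *tz_not_found` slot. The parse_date.c section, which looks like the re2c output of this file, has no matching hunk, so this rule is presumably not compiled today; if it is ever enabled it will fail to build or pass mismatched pointers. Assuming a `tz_not_found` local is in scope there as at the other call sites, the line should read `s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);`. The enclosing `scan` body starts and ends outside these hunks.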
254    --- php-5.3.3/ext/date/lib/timelib.h.cve0789
255    +++ php-5.3.3/ext/date/lib/timelib.h
256    @@ -50,6 +50,9 @@
257     #define strncasecmp strnicmp
258     #endif
259    
260    +/* Function pointers */
261    +typedef timelib_tzinfo* (*timelib_tz_get_wrapper)(char *tzname, const timelib_tzdb *tzdb);
262    +
263     /* From dow.c */
264     timelib_sll timelib_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d);
265     timelib_sll timelib_iso_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d);
266    @@ -61,8 +64,8 @@ int timelib_valid_time(timelib_sll h, ti
267     int timelib_valid_date(timelib_sll y, timelib_sll m, timelib_sll d);
268    
269     /* From parse_date.re */
270    -timelib_time *timelib_strtotime(char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb);
271    -timelib_time *timelib_parse_from_format(char *format, char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb);
272    +timelib_time *timelib_strtotime(char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper);
273    +timelib_time *timelib_parse_from_format(char *format, char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper);
274     void timelib_fill_holes(timelib_time *parsed, timelib_time *now, int options);
275     char *timelib_timezone_id_from_abbr(const char *abbr, long gmtoffset, int isdst);
276     const timelib_tz_lookup_table *timelib_timezone_abbreviations_list(void);
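Review bot: The new `timelib_tz_get_wrapper` typedef in the `@@ -50,6 +50,9` hunk carries only the comment `/* Function pointers */`, which leaves its contract unstated even though this callback is the fix for a memory leak. The parse_date hunks invoke it as `tz_wrapper(tz_abbr, tzdb)` with no NULL check and store the result in `t->tz_info`, so a caller that passes NULL for the new argument crashes on the first zone identifier, and nothing says who frees the returned `timelib_tzinfo`. I would replace the comment with something like `/* Resolves a zone identifier to a tzinfo. Mandatory (never NULL). The callback owns the returned object, e.g. via a cache; timelib stores the pointer in timelib_time.tz_info. */`, adjusted to whatever ownership rule the project actually intends. Note also that `timelib_strtotime` and `timelib_parse_from_format` change signature here with no compatibility path, so any caller outside php_date.c has to be updated in the same build.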
277    --- php-5.3.3/ext/date/php_date.c.cve0789
278    +++ php-5.3.3/ext/date/php_date.c
279    @@ -833,6 +833,12 @@ static timelib_tzinfo *php_date_parse_tz
280            }
281            return tzi;
282     }
283    +
284    +timelib_tzinfo *php_date_parse_tzfile_wrapper(char *formal_tzname, const timelib_tzdb *tzdb)
285    +{
286    +       TSRMLS_FETCH();
287    +       return php_date_parse_tzfile(formal_tzname, tzdb TSRMLS_CC);
288    +}
289     /* }}} */
290    
291     /* {{{ Helper functions */
292    @@ -1366,7 +1372,7 @@ PHPAPI signed long php_parse_date(char *
293            int           error2;
294            signed long   retval;
295    
296    -       parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB);
297    +       parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
298            if (error->error_count) {
299                    timelib_error_container_dtor(error);
300                    return -1;
301    @@ -1403,7 +1409,7 @@ PHP_FUNCTION(strtotime)
302    
303                    initial_ts = emalloc(25);
304                    snprintf(initial_ts, 24, "@%ld UTC", preset_ts);
305    -               t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB); /* we ignore the error here, as this should never fail */
306    +               t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); /* we ignore the error here, as this should never fail */
307                    timelib_update_ts(t, tzi);
308                    now->tz_info = tzi;
309                    now->zone_type = TIMELIB_ZONETYPE_ID;
310    @@ -1425,7 +1431,7 @@ PHP_FUNCTION(strtotime)
311                    RETURN_FALSE;
312            }
313    
314    -       t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB);
315    +       t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
316            error1 = error->error_count;
317            timelib_error_container_dtor(error);
318            timelib_fill_holes(t, now, TIMELIB_NO_CLONE);
319    @@ -2378,9 +2384,9 @@ static int date_initialize(php_date_obj
320                    timelib_time_dtor(dateobj->time);
321            }
322            if (format) {
323    -               dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB);
324    +               dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
325            } else {
326    -               dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB);
327    +               dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
328            }
329    
330            /* update last errors and warnings */
331    @@ -2714,7 +2720,7 @@ PHP_FUNCTION(date_parse)
332                    RETURN_FALSE;
333            }
334    
335    -       parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB);
336    +       parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
337            php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error);
338     }
339     /* }}} */
340    @@ -2733,7 +2739,7 @@ PHP_FUNCTION(date_parse_from_format)
341                    RETURN_FALSE;
342            }
343    
344    -       parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB);
345    +       parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
346            php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error);
347     }
348     /* }}} */
349    @@ -2775,7 +2781,7 @@ PHP_FUNCTION(date_modify)
350            dateobj = (php_date_obj *) zend_object_store_get_object(object TSRMLS_CC);
351            DATE_CHECK_INITIALIZED(dateobj->time, DateTime);
352    
353    -       tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB);
354    +       tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
355    
356            /* update last errors and warnings */
357            update_errors_warnings(err TSRMLS_CC);
358    @@ -3571,7 +3577,7 @@ PHP_FUNCTION(date_interval_create_from_d
359    
360            date_instantiate(date_ce_interval, return_value TSRMLS_CC);
361    
362    -       time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB);
363    +       time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
364            diobj = (php_interval_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
365            diobj->diff = timelib_rel_time_clone(&time->relative);
366            diobj->initialized = 1;
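Review bot: `php_date_parse_tzfile_wrapper`, added in the `@@ -833,6 +833,12` hunk, is defined without `static` and without a comment, although every use visible in this patch is inside php_date.c. Unless a header outside this patch declares it, I would write `static timelib_tzinfo *php_date_parse_tzfile_wrapper(char *formal_tzname, const timelib_tzdb *tzdb)` so the symbol is not exported. A short comment above it should say why it exists: it adapts `php_date_parse_tzfile()` (whose body is outside the hunk, and which presumably serves results from a per-request cache) to the `timelib_tz_get_wrapper` signature, so that repeated zone lookups during parsing do not each allocate a new tzinfo. It is also worth noting there that `TSRMLS_FETCH()` runs on every lookup in thread-safe builds, because the callback type has no way to pass the thread context through.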
367    --- php-5.3.3/ext/date/tests/bug53502.phpt.cve0789
368    +++ php-5.3.3/ext/date/tests/bug53502.phpt
369    @@ -0,0 +1,13 @@
370    +--TEST--
371    +Bug #53502 (strtotime with timezone memory leak)
372    +--INI--
373    +date.timezone=UTC
374    +--FILE--
375    +<?php
376    +for ($i = 0; $i < 1000; $i++) {
377    +    strtotime('Monday 00:00 Europe/Paris');    // Memory leak
378    +}
379    +echo "Nothing, test only makes sense through valgrind.\n";
380    +?>
381    +--EXPECT--
382    +Nothing, test only makes sense through valgrind.
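Review bot: This test cannot fail on a regression in an ordinary run, because `--EXPECT--` matches a fixed string and the leak is only observable under a memory checker, as the echoed text itself says. That means the fix for this denial-of-service issue has regression coverage only where the suite is run with leak checking (run-tests.php `-m`). I would state that requirement in the test file, for example by extending the title line to `Bug #53502 (strtotime with timezone memory leak; only detects the leak when run under valgrind)`, and confirm that the packaging build actually runs the date tests that way.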

