php/sme8/php-5.3.3-CVE-2012-0789.patch


https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0789

http://git.php.net/?p=php-src.git;a=commitdiff;h=5b2ce47f2e98e672873f6da0f41fff120af1e57e
 - with unrelated changes reverted

--- php-5.3.3/ext/date/lib/parse_date.c.cve0789
+++ php-5.3.3/ext/date/lib/parse_date.c
@@ -756,7 +756,7 @@ static long timelib_lookup_zone(char **p
        return value;
 }
 
-static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb)
+static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper)
 {
        timelib_tzinfo *res;
        long            retval = 0;
@@ -805,7 +805,7 @@ static long timelib_get_zone(char **ptr,
 #endif
                /* If we have a TimeZone identifier to start with, use it */
                if (strstr(tz_abbr, "/") || strcmp(tz_abbr, "UTC") == 0) {
-                       if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) {
+                       if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) {
                                t->tz_info = res;
                                t->zone_type = TIMELIB_ZONETYPE_ID;
                                found++;
@@ -834,7 +834,7 @@ static long timelib_get_zone(char **ptr,
        }                              \
 }
 
-static int scan(Scanner *s)
+static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
 {
        uchar *cursor = s->cur;
        char *str, *ptr = NULL;
@@ -1006,7 +1006,7 @@ yy4:
                DEBUG_OUTPUT("tzcorrection | tz");
                TIMELIB_INIT;
                TIMELIB_HAVE_TZ();
-               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                if (tz_not_found) {
                        add_error(s, "The timezone could not be found in the database");
                }
@@ -4451,7 +4451,7 @@ yy223:
                }
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -9763,7 +9763,7 @@ yy491:
                }
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -12020,7 +12020,7 @@ yy701:
                s->time->h = timelib_get_nr((char **) &ptr, 2);
                s->time->i = timelib_get_nr((char **) &ptr, 2);
                s->time->s = timelib_get_nr((char **) &ptr, 2);
-               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                if (tz_not_found) {
                        add_error(s, "The timezone could not be found in the database");
                }
@@ -13391,7 +13391,7 @@ yy843:
                if (*ptr == '.') {
                        s->time->f = timelib_get_frac_nr((char **) &ptr, 9);
                        if (*ptr) { /* timezone is optional */
-                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                                if (tz_not_found) {
                                        add_error(s, "The timezone could not be found in the database");
                                }
@@ -15731,7 +15731,7 @@ yy1076:
                s->time->s = timelib_get_nr((char **) &ptr, 2);
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -24632,7 +24632,7 @@ yy1537:
 
 #define YYMAXFILL 31
 
-timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb)
+timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
 {
        Scanner in;
        int t;
@@ -24687,7 +24687,7 @@ timelib_time* timelib_strtotime(char *s,
        in.time->zone_type = 0;
 
        do {
-               t = scan(&in);
+               t = scan(&in, tz_get_wrapper);
 #ifdef DEBUG_PARSER
                printf("%d\n", t);
 #endif
@@ -24714,7 +24714,7 @@ timelib_time* timelib_strtotime(char *s,
                }
 
 
-timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb)
+timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
 {
        char       *fptr = format;
        char       *ptr = string;
@@ -24880,7 +24880,7 @@ timelib_time *timelib_parse_from_format(
                        case 'O': /* timezone */
                                {
                                        int tz_not_found;
-                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                                        if (tz_not_found) {
                                                add_pbf_error(s, "The timezone could not be found in the database", string, begin);
                                        }
--- php-5.3.3/ext/date/lib/parse_date.re.cve0789
+++ php-5.3.3/ext/date/lib/parse_date.re
@@ -755,7 +755,7 @@ static long timelib_lookup_zone(char **p
        return value;
 }
 
-static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb)
+static long timelib_get_zone(char **ptr, int *dst, timelib_time *t, int *tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper)
 {
        timelib_tzinfo *res;
        long            retval = 0;
@@ -804,7 +804,7 @@ static long timelib_get_zone(char **ptr,
 #endif
                /* If we have a TimeZone identifier to start with, use it */
                if (strstr(tz_abbr, "/") || strcmp(tz_abbr, "UTC") == 0) {
-                       if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) {
+                       if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) {
                                t->tz_info = res;
                                t->zone_type = TIMELIB_ZONETYPE_ID;
                                found++;
@@ -833,7 +833,7 @@ static long timelib_get_zone(char **ptr,
        }                              \
 }
 
-static int scan(Scanner *s)
+static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
 {
        uchar *cursor = s->cur;
        char *str, *ptr = NULL;
@@ -1166,7 +1166,7 @@ weekdayof        = (reltextnumber|reltex
                }
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -1207,7 +1207,7 @@ weekdayof        = (reltextnumber|reltex
                                s->time->h = timelib_get_nr((char **) &ptr, 2);
                                s->time->i = timelib_get_nr((char **) &ptr, 2);
                                s->time->s = 0;
-                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb);
+                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb, tz_get_wrapper);
                                break;
                        case 1:
                                s->time->y = timelib_get_nr((char **) &ptr, 4);
@@ -1232,7 +1232,7 @@ weekdayof        = (reltextnumber|reltex
                s->time->s = timelib_get_nr((char **) &ptr, 2);
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -1425,7 +1425,7 @@ weekdayof        = (reltextnumber|reltex
                if (*ptr == '.') {
                        s->time->f = timelib_get_frac_nr((char **) &ptr, 9);
                        if (*ptr) { /* timezone is optional */
-                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                                if (tz_not_found) {
                                        add_error(s, "The timezone could not be found in the database");
                                }
@@ -1525,7 +1525,7 @@ weekdayof        = (reltextnumber|reltex
                s->time->h = timelib_get_nr((char **) &ptr, 2);
                s->time->i = timelib_get_nr((char **) &ptr, 2);
                s->time->s = timelib_get_nr((char **) &ptr, 2);
-               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                if (tz_not_found) {
                        add_error(s, "The timezone could not be found in the database");
                }
@@ -1638,7 +1638,7 @@ weekdayof        = (reltextnumber|reltex
                DEBUG_OUTPUT("tzcorrection | tz");
                TIMELIB_INIT;
                TIMELIB_HAVE_TZ();
-               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+               s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                if (tz_not_found) {
                        add_error(s, "The timezone could not be found in the database");
                }
@@ -1691,7 +1691,7 @@ weekdayof        = (reltextnumber|reltex
                }
 
                if (*ptr != '\0') {
-                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                        if (tz_not_found) {
                                add_error(s, "The timezone could not be found in the database");
                        }
@@ -1737,7 +1737,7 @@ weekdayof        = (reltextnumber|reltex
 
 /*!max:re2c */
 
-timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb)
+timelib_time* timelib_strtotime(char *s, int len, struct timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
 {
        Scanner in;
        int t;
@@ -1792,7 +1792,7 @@ timelib_time* timelib_strtotime(char *s,
        in.time->zone_type = 0;
 
        do {
-               t = scan(&in);
+               t = scan(&in, tz_get_wrapper);
 #ifdef DEBUG_PARSER
                printf("%d\n", t);
 #endif
@@ -1819,7 +1819,7 @@ timelib_time* timelib_strtotime(char *s,
                }
 
 
-timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb)
+timelib_time *timelib_parse_from_format(char *format, char *string, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper)
 {
        char       *fptr = format;
        char       *ptr = string;
@@ -1985,7 +1985,7 @@ timelib_time *timelib_parse_from_format(
                        case 'O': /* timezone */
                                {
                                        int tz_not_found;
-                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
+                                       s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
                                        if (tz_not_found) {
                                                add_pbf_error(s, "The timezone could not be found in the database", string, begin);
                                        }
--- php-5.3.3/ext/date/lib/timelib.h.cve0789
+++ php-5.3.3/ext/date/lib/timelib.h
@@ -50,6 +50,9 @@
 #define strncasecmp strnicmp
 #endif
 
+/* Function pointers */
+typedef timelib_tzinfo* (*timelib_tz_get_wrapper)(char *tzname, const timelib_tzdb *tzdb);
+
 /* From dow.c */
 timelib_sll timelib_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d);
 timelib_sll timelib_iso_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d);
@@ -61,8 +64,8 @@ int timelib_valid_time(timelib_sll h, ti
 int timelib_valid_date(timelib_sll y, timelib_sll m, timelib_sll d);
 
 /* From parse_date.re */
-timelib_time *timelib_strtotime(char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb);
-timelib_time *timelib_parse_from_format(char *format, char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb);
+timelib_time *timelib_strtotime(char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper);
+timelib_time *timelib_parse_from_format(char *format, char *s, int len, timelib_error_container **errors, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_get_wrapper);
 void timelib_fill_holes(timelib_time *parsed, timelib_time *now, int options);
 char *timelib_timezone_id_from_abbr(const char *abbr, long gmtoffset, int isdst);
 const timelib_tz_lookup_table *timelib_timezone_abbreviations_list(void);
--- php-5.3.3/ext/date/php_date.c.cve0789
+++ php-5.3.3/ext/date/php_date.c
@@ -833,6 +833,12 @@ static timelib_tzinfo *php_date_parse_tz
        }
        return tzi;
 }
+
+timelib_tzinfo *php_date_parse_tzfile_wrapper(char *formal_tzname, const timelib_tzdb *tzdb)
+{
+       TSRMLS_FETCH();
+       return php_date_parse_tzfile(formal_tzname, tzdb TSRMLS_CC);
+}
 /* }}} */
 
 /* {{{ Helper functions */
@@ -1366,7 +1372,7 @@ PHPAPI signed long php_parse_date(char *
        int           error2;
        signed long   retval;
 
-       parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB);
+       parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        if (error->error_count) {
                timelib_error_container_dtor(error);
                return -1;
@@ -1403,7 +1409,7 @@ PHP_FUNCTION(strtotime)
 
                initial_ts = emalloc(25);
                snprintf(initial_ts, 24, "@%ld UTC", preset_ts);
-               t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB); /* we ignore the error here, as this should never fail */
+               t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); /* we ignore the error here, as this should never fail */
                timelib_update_ts(t, tzi);
                now->tz_info = tzi;
                now->zone_type = TIMELIB_ZONETYPE_ID;
@@ -1425,7 +1431,7 @@ PHP_FUNCTION(strtotime)
                RETURN_FALSE;
        }
 
-       t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB);
+       t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        error1 = error->error_count;
        timelib_error_container_dtor(error);
        timelib_fill_holes(t, now, TIMELIB_NO_CLONE);
@@ -2378,9 +2384,9 @@ static int date_initialize(php_date_obj
                timelib_time_dtor(dateobj->time);
        }
        if (format) {
-               dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB);
+               dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        } else {
-               dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB);
+               dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        }
 
        /* update last errors and warnings */
@@ -2714,7 +2720,7 @@ PHP_FUNCTION(date_parse)
                RETURN_FALSE;
        }
 
-       parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB);
+       parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error);
 }
 /* }}} */
@@ -2733,7 +2739,7 @@ PHP_FUNCTION(date_parse_from_format)
                RETURN_FALSE;
        }
 
-       parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB);
+       parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error);
 }
 /* }}} */
@@ -2775,7 +2781,7 @@ PHP_FUNCTION(date_modify)
        dateobj = (php_date_obj *) zend_object_store_get_object(object TSRMLS_CC);
        DATE_CHECK_INITIALIZED(dateobj->time, DateTime);
 
-       tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB);
+       tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
 
        /* update last errors and warnings */
        update_errors_warnings(err TSRMLS_CC);
@@ -3571,7 +3577,7 @@ PHP_FUNCTION(date_interval_create_from_d
 
        date_instantiate(date_ce_interval, return_value TSRMLS_CC);
 
-       time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB);
+       time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
        diobj = (php_interval_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
        diobj->diff = timelib_rel_time_clone(&time->relative);
        diobj->initialized = 1;
--- php-5.3.3/ext/date/tests/bug53502.phpt.cve0789
+++ php-5.3.3/ext/date/tests/bug53502.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #53502 (strtotime with timezone memory leak)
+--INI--
+date.timezone=UTC
+--FILE--
+<?php
+for ($i = 0; $i < 1000; $i++) {
+    strtotime('Monday 00:00 Europe/Paris');    // Memory leak
+}
+echo "Nothing, test only makes sense through valgrind.\n";
+?>
+--EXPECT--
+Nothing, test only makes sense through valgrind.
1
2	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0789
3
4	http://git.php.net/?p=php-src.git;a=commitdiff;h=5b2ce47f2e98e672873f6da0f41fff120af1e57e
5	- with unrelated changes reverted
6
7	--- php-5.3.3/ext/date/lib/parse_date.c.cve0789
8	+++ php-5.3.3/ext/date/lib/parse_date.c
9	@@ -756,7 +756,7 @@ static long timelib_lookup_zone(char **p
10	return value;
11	}
12
13	-static long timelib_get_zone(char *ptr, int dst, timelib_time t, int tz_not_found, const timelib_tzdb *tzdb)
14	+static long timelib_get_zone(char *ptr, int dst, timelib_time t, int tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper)
15	{
16	timelib_tzinfo *res;
17	long retval = 0;
18	@@ -805,7 +805,7 @@ static long timelib_get_zone(char **ptr,
19	#endif
20	/* If we have a TimeZone identifier to start with, use it */
21	if (strstr(tz_abbr, "/") \|\| strcmp(tz_abbr, "UTC") == 0) {
22	- if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) {
23	+ if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) {
24	t->tz_info = res;
25	t->zone_type = TIMELIB_ZONETYPE_ID;
26	found++;
27	@@ -834,7 +834,7 @@ static long timelib_get_zone(char **ptr,
28	} \
29	}
30
31	-static int scan(Scanner *s)
32	+static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
33	{
34	uchar *cursor = s->cur;
35	char str, ptr = NULL;
36	@@ -1006,7 +1006,7 @@ yy4:
37	DEBUG_OUTPUT("tzcorrection \| tz");
38	TIMELIB_INIT;
39	TIMELIB_HAVE_TZ();
40	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
41	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
42	if (tz_not_found) {
43	add_error(s, "The timezone could not be found in the database");
44	}
45	@@ -4451,7 +4451,7 @@ yy223:
46	}
47
48	if (*ptr != '\0') {
49	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
50	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
51	if (tz_not_found) {
52	add_error(s, "The timezone could not be found in the database");
53	}
54	@@ -9763,7 +9763,7 @@ yy491:
55	}
56
57	if (*ptr != '\0') {
58	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
59	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
60	if (tz_not_found) {
61	add_error(s, "The timezone could not be found in the database");
62	}
63	@@ -12020,7 +12020,7 @@ yy701:
64	s->time->h = timelib_get_nr((char **) &ptr, 2);
65	s->time->i = timelib_get_nr((char **) &ptr, 2);
66	s->time->s = timelib_get_nr((char **) &ptr, 2);
67	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
68	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
69	if (tz_not_found) {
70	add_error(s, "The timezone could not be found in the database");
71	}
72	@@ -13391,7 +13391,7 @@ yy843:
73	if (*ptr == '.') {
74	s->time->f = timelib_get_frac_nr((char **) &ptr, 9);
75	if (ptr) { / timezone is optional */
76	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
77	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
78	if (tz_not_found) {
79	add_error(s, "The timezone could not be found in the database");
80	}
81	@@ -15731,7 +15731,7 @@ yy1076:
82	s->time->s = timelib_get_nr((char **) &ptr, 2);
83
84	if (*ptr != '\0') {
85	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
86	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
87	if (tz_not_found) {
88	add_error(s, "The timezone could not be found in the database");
89	}
90	@@ -24632,7 +24632,7 @@ yy1537:
91
92	#define YYMAXFILL 31
93
94	-timelib_time* timelib_strtotime(char s, int len, struct timelib_error_container errors, const timelib_tzdb tzdb)
95	+timelib_time* timelib_strtotime(char s, int len, struct timelib_error_container errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper)
96	{
97	Scanner in;
98	int t;
99	@@ -24687,7 +24687,7 @@ timelib_time* timelib_strtotime(char *s,
100	in.time->zone_type = 0;
101
102	do {
103	- t = scan(&in);
104	+ t = scan(&in, tz_get_wrapper);
105	#ifdef DEBUG_PARSER
106	printf("%d\n", t);
107	#endif
108	@@ -24714,7 +24714,7 @@ timelib_time* timelib_strtotime(char *s,
109	}
110
111
112	-timelib_time timelib_parse_from_format(char format, char string, int len, timelib_error_container errors, const timelib_tzdb tzdb)
113	+timelib_time timelib_parse_from_format(char format, char string, int len, timelib_error_container errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper)
114	{
115	char *fptr = format;
116	char *ptr = string;
117	@@ -24880,7 +24880,7 @@ timelib_time *timelib_parse_from_format(
118	case 'O': /* timezone */
119	{
120	int tz_not_found;
121	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
122	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
123	if (tz_not_found) {
124	add_pbf_error(s, "The timezone could not be found in the database", string, begin);
125	}
126	--- php-5.3.3/ext/date/lib/parse_date.re.cve0789
127	+++ php-5.3.3/ext/date/lib/parse_date.re
128	@@ -755,7 +755,7 @@ static long timelib_lookup_zone(char **p
129	return value;
130	}
131
132	-static long timelib_get_zone(char *ptr, int dst, timelib_time t, int tz_not_found, const timelib_tzdb *tzdb)
133	+static long timelib_get_zone(char *ptr, int dst, timelib_time t, int tz_not_found, const timelib_tzdb *tzdb, timelib_tz_get_wrapper tz_wrapper)
134	{
135	timelib_tzinfo *res;
136	long retval = 0;
137	@@ -804,7 +804,7 @@ static long timelib_get_zone(char **ptr,
138	#endif
139	/* If we have a TimeZone identifier to start with, use it */
140	if (strstr(tz_abbr, "/") \|\| strcmp(tz_abbr, "UTC") == 0) {
141	- if ((res = timelib_parse_tzfile(tz_abbr, tzdb)) != NULL) {
142	+ if ((res = tz_wrapper(tz_abbr, tzdb)) != NULL) {
143	t->tz_info = res;
144	t->zone_type = TIMELIB_ZONETYPE_ID;
145	found++;
146	@@ -833,7 +833,7 @@ static long timelib_get_zone(char **ptr,
147	} \
148	}
149
150	-static int scan(Scanner *s)
151	+static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
152	{
153	uchar *cursor = s->cur;
154	char str, ptr = NULL;
155	@@ -1166,7 +1166,7 @@ weekdayof = (reltextnumber\|reltex
156	}
157
158	if (*ptr != '\0') {
159	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
160	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
161	if (tz_not_found) {
162	add_error(s, "The timezone could not be found in the database");
163	}
164	@@ -1207,7 +1207,7 @@ weekdayof = (reltextnumber\|reltex
165	s->time->h = timelib_get_nr((char **) &ptr, 2);
166	s->time->i = timelib_get_nr((char **) &ptr, 2);
167	s->time->s = 0;
168	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb);
169	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, s->tzdb, tz_get_wrapper);
170	break;
171	case 1:
172	s->time->y = timelib_get_nr((char **) &ptr, 4);
173	@@ -1232,7 +1232,7 @@ weekdayof = (reltextnumber\|reltex
174	s->time->s = timelib_get_nr((char **) &ptr, 2);
175
176	if (*ptr != '\0') {
177	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
178	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
179	if (tz_not_found) {
180	add_error(s, "The timezone could not be found in the database");
181	}
182	@@ -1425,7 +1425,7 @@ weekdayof = (reltextnumber\|reltex
183	if (*ptr == '.') {
184	s->time->f = timelib_get_frac_nr((char **) &ptr, 9);
185	if (ptr) { / timezone is optional */
186	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
187	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
188	if (tz_not_found) {
189	add_error(s, "The timezone could not be found in the database");
190	}
191	@@ -1525,7 +1525,7 @@ weekdayof = (reltextnumber\|reltex
192	s->time->h = timelib_get_nr((char **) &ptr, 2);
193	s->time->i = timelib_get_nr((char **) &ptr, 2);
194	s->time->s = timelib_get_nr((char **) &ptr, 2);
195	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
196	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
197	if (tz_not_found) {
198	add_error(s, "The timezone could not be found in the database");
199	}
200	@@ -1638,7 +1638,7 @@ weekdayof = (reltextnumber\|reltex
201	DEBUG_OUTPUT("tzcorrection \| tz");
202	TIMELIB_INIT;
203	TIMELIB_HAVE_TZ();
204	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
205	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
206	if (tz_not_found) {
207	add_error(s, "The timezone could not be found in the database");
208	}
209	@@ -1691,7 +1691,7 @@ weekdayof = (reltextnumber\|reltex
210	}
211
212	if (*ptr != '\0') {
213	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
214	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
215	if (tz_not_found) {
216	add_error(s, "The timezone could not be found in the database");
217	}
218	@@ -1737,7 +1737,7 @@ weekdayof = (reltextnumber\|reltex
219
220	/!max:re2c /
221
222	-timelib_time* timelib_strtotime(char s, int len, struct timelib_error_container errors, const timelib_tzdb tzdb)
223	+timelib_time* timelib_strtotime(char s, int len, struct timelib_error_container errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper)
224	{
225	Scanner in;
226	int t;
227	@@ -1792,7 +1792,7 @@ timelib_time* timelib_strtotime(char *s,
228	in.time->zone_type = 0;
229
230	do {
231	- t = scan(&in);
232	+ t = scan(&in, tz_get_wrapper);
233	#ifdef DEBUG_PARSER
234	printf("%d\n", t);
235	#endif
236	@@ -1819,7 +1819,7 @@ timelib_time* timelib_strtotime(char *s,
237	}
238
239
240	-timelib_time timelib_parse_from_format(char format, char string, int len, timelib_error_container errors, const timelib_tzdb tzdb)
241	+timelib_time timelib_parse_from_format(char format, char string, int len, timelib_error_container errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper)
242	{
243	char *fptr = format;
244	char *ptr = string;
245	@@ -1985,7 +1985,7 @@ timelib_time *timelib_parse_from_format(
246	case 'O': /* timezone */
247	{
248	int tz_not_found;
249	- s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb);
250	+ s->time->z = timelib_get_zone((char **) &ptr, &s->time->dst, s->time, &tz_not_found, s->tzdb, tz_get_wrapper);
251	if (tz_not_found) {
252	add_pbf_error(s, "The timezone could not be found in the database", string, begin);
253	}
254	--- php-5.3.3/ext/date/lib/timelib.h.cve0789
255	+++ php-5.3.3/ext/date/lib/timelib.h
256	@@ -50,6 +50,9 @@
257	#define strncasecmp strnicmp
258	#endif
259
260	+/* Function pointers */
261	+typedef timelib_tzinfo* (timelib_tz_get_wrapper)(char tzname, const timelib_tzdb *tzdb);
262	+
263	/* From dow.c */
264	timelib_sll timelib_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d);
265	timelib_sll timelib_iso_day_of_week(timelib_sll y, timelib_sll m, timelib_sll d);
266	@@ -61,8 +64,8 @@ int timelib_valid_time(timelib_sll h, ti
267	int timelib_valid_date(timelib_sll y, timelib_sll m, timelib_sll d);
268
269	/* From parse_date.re */
270	-timelib_time timelib_strtotime(char s, int len, timelib_error_container *errors, const timelib_tzdb tzdb);
271	-timelib_time timelib_parse_from_format(char format, char s, int len, timelib_error_container errors, const timelib_tzdb tzdb);
272	+timelib_time timelib_strtotime(char s, int len, timelib_error_container *errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper);
273	+timelib_time timelib_parse_from_format(char format, char s, int len, timelib_error_container errors, const timelib_tzdb tzdb, timelib_tz_get_wrapper tz_get_wrapper);
274	void timelib_fill_holes(timelib_time parsed, timelib_time now, int options);
275	char timelib_timezone_id_from_abbr(const char abbr, long gmtoffset, int isdst);
276	const timelib_tz_lookup_table *timelib_timezone_abbreviations_list(void);
277	--- php-5.3.3/ext/date/php_date.c.cve0789
278	+++ php-5.3.3/ext/date/php_date.c
279	@@ -833,6 +833,12 @@ static timelib_tzinfo *php_date_parse_tz
280	}
281	return tzi;
282	}
283	+
284	+timelib_tzinfo php_date_parse_tzfile_wrapper(char formal_tzname, const timelib_tzdb *tzdb)
285	+{
286	+ TSRMLS_FETCH();
287	+ return php_date_parse_tzfile(formal_tzname, tzdb TSRMLS_CC);
288	+}
289	/* }}} */
290
291	/* {{{ Helper functions */
292	@@ -1366,7 +1372,7 @@ PHPAPI signed long php_parse_date(char *
293	int error2;
294	signed long retval;
295
296	- parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB);
297	+ parsed_time = timelib_strtotime(string, strlen(string), &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
298	if (error->error_count) {
299	timelib_error_container_dtor(error);
300	return -1;
301	@@ -1403,7 +1409,7 @@ PHP_FUNCTION(strtotime)
302
303	initial_ts = emalloc(25);
304	snprintf(initial_ts, 24, "@%ld UTC", preset_ts);
305	- t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB); /* we ignore the error here, as this should never fail */
306	+ t = timelib_strtotime(initial_ts, strlen(initial_ts), NULL, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); /* we ignore the error here, as this should never fail */
307	timelib_update_ts(t, tzi);
308	now->tz_info = tzi;
309	now->zone_type = TIMELIB_ZONETYPE_ID;
310	@@ -1425,7 +1431,7 @@ PHP_FUNCTION(strtotime)
311	RETURN_FALSE;
312	}
313
314	- t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB);
315	+ t = timelib_strtotime(times, time_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
316	error1 = error->error_count;
317	timelib_error_container_dtor(error);
318	timelib_fill_holes(t, now, TIMELIB_NO_CLONE);
319	@@ -2378,9 +2384,9 @@ static int date_initialize(php_date_obj
320	timelib_time_dtor(dateobj->time);
321	}
322	if (format) {
323	- dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB);
324	+ dateobj->time = timelib_parse_from_format(format, time_str_len ? time_str : "", time_str_len ? time_str_len : 0, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
325	} else {
326	- dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB);
327	+ dateobj->time = timelib_strtotime(time_str_len ? time_str : "now", time_str_len ? time_str_len : sizeof("now") -1, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
328	}
329
330	/* update last errors and warnings */
331	@@ -2714,7 +2720,7 @@ PHP_FUNCTION(date_parse)
332	RETURN_FALSE;
333	}
334
335	- parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB);
336	+ parsed_time = timelib_strtotime(date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
337	php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error);
338	}
339	/* }}} */
340	@@ -2733,7 +2739,7 @@ PHP_FUNCTION(date_parse_from_format)
341	RETURN_FALSE;
342	}
343
344	- parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB);
345	+ parsed_time = timelib_parse_from_format(format, date, date_len, &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
346	php_date_do_return_parsed_time(INTERNAL_FUNCTION_PARAM_PASSTHRU, parsed_time, error);
347	}
348	/* }}} */
349	@@ -2775,7 +2781,7 @@ PHP_FUNCTION(date_modify)
350	dateobj = (php_date_obj *) zend_object_store_get_object(object TSRMLS_CC);
351	DATE_CHECK_INITIALIZED(dateobj->time, DateTime);
352
353	- tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB);
354	+ tmp_time = timelib_strtotime(modify, modify_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
355
356	/* update last errors and warnings */
357	update_errors_warnings(err TSRMLS_CC);
358	@@ -3571,7 +3577,7 @@ PHP_FUNCTION(date_interval_create_from_d
359
360	date_instantiate(date_ce_interval, return_value TSRMLS_CC);
361
362	- time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB);
363	+ time = timelib_strtotime(time_str, time_str_len, &err, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
364	diobj = (php_interval_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
365	diobj->diff = timelib_rel_time_clone(&time->relative);
366	diobj->initialized = 1;
367	--- php-5.3.3/ext/date/tests/bug53502.phpt.cve0789
368	+++ php-5.3.3/ext/date/tests/bug53502.phpt
369	@@ -0,0 +1,13 @@
370	+--TEST--
371	+Bug #53502 (strtotime with timezone memory leak)
372	+--INI--
373	+date.timezone=UTC
374	+--FILE--
375	+<?php
376	+for ($i = 0; $i < 1000; $i++) {
377	+ strtotime('Monday 00:00 Europe/Paris'); // Memory leak
378	+}
379	+echo "Nothing, test only makes sense through valgrind.\n";
380	+?>
381	+--EXPECT--
382	+Nothing, test only makes sense through valgrind.