diff options
author | Máté Kocsis <kocsismate@woohoolabs.com> | 2021-03-15 23:07:05 +0100 |
---|---|---|
committer | Máté Kocsis <kocsismate@woohoolabs.com> | 2021-03-16 09:31:37 +0100 |
commit | b03438ba3addd4467704a0aaa58a1c54432579e3 (patch) | |
tree | 82beee5e66541a15190beac203fa1d9a2b6a7a20 | |
parent | 5ecc078a17bbc30f9f5023290b374b42e0e2dd00 (diff) | |
download | php-git-b03438ba3addd4467704a0aaa58a1c54432579e3.tar.gz |
Fix crash in LDAP search functions during argument validation
-rw-r--r-- | ext/ldap/ldap.c | 4 | ||||
-rw-r--r-- | ext/ldap/tests/ldap_search_error.phpt | 14 |
2 files changed, 18 insertions, 0 deletions
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c index dde62b3810..c4dfe0c5b0 100644 --- a/ext/ldap/ldap.c +++ b/ext/ldap/ldap.c @@ -1602,11 +1602,15 @@ cleanup_parallel: if (!base_dn_str) { zend_argument_type_error(2, "must be of type string when argument #1 ($ldap) is a resource"); + ret = 0; + goto cleanup; } ldap_base_dn = zend_string_copy(base_dn_str); if (!filter_str) { zend_argument_type_error(3, "must be of type string when argument #1 ($ldap) is a resource"); + ret = 0; + goto cleanup; } ldap_filter = zend_string_copy(filter_str); diff --git a/ext/ldap/tests/ldap_search_error.phpt b/ext/ldap/tests/ldap_search_error.phpt index 7041c66746..3e8167bf2c 100644 --- a/ext/ldap/tests/ldap_search_error.phpt +++ b/ext/ldap/tests/ldap_search_error.phpt @@ -39,6 +39,18 @@ try { echo $exception->getMessage() . "\n"; } +try { + ldap_search($link, [], []); +} catch (TypeError $exception) { + echo $exception->getMessage() . "\n"; +} + +try { + ldap_search($link, "", []); +} catch (TypeError $exception) { + echo $exception->getMessage() . "\n"; +} + ?> --EXPECTF-- Warning: ldap_search(): Search: No such object in %s on line %d @@ -49,3 +61,5 @@ bool(false) ldap_search(): Argument #1 ($ldap) cannot be empty ldap_search(): Argument #2 ($base) must have the same number of elements as the links array ldap_search(): Argument #3 ($filter) must have the same number of elements as the links array +ldap_search(): Argument #2 ($base) must be of type string when argument #1 ($ldap) is a resource +ldap_search(): Argument #3 ($filter) must be of type string when argument #1 ($ldap) is a resource |