Fix crash in LDAP search functions during argument validation

2 files changed, 18 insertions, 0 deletions

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index dde62b3810..c4dfe0c5b0 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -1602,11 +1602,15 @@ cleanup_parallel:
 
 		if (!base_dn_str) {
 			zend_argument_type_error(2, "must be of type string when argument #1 ($ldap) is a resource");
+			ret = 0;
+			goto cleanup;
 		}
 		ldap_base_dn = zend_string_copy(base_dn_str);
 
 		if (!filter_str) {
 			zend_argument_type_error(3, "must be of type string when argument #1 ($ldap) is a resource");
+			ret = 0;
+			goto cleanup;
 		}
 		ldap_filter = zend_string_copy(filter_str);
 
diff --git a/ext/ldap/tests/ldap_search_error.phpt b/ext/ldap/tests/ldap_search_error.phpt
index 7041c66746..3e8167bf2c 100644
--- a/ext/ldap/tests/ldap_search_error.phpt
+++ b/ext/ldap/tests/ldap_search_error.phpt
@@ -39,6 +39,18 @@ try {
     echo $exception->getMessage() . "\n";
 }
 
+try {
+    ldap_search($link, [], []);
+} catch (TypeError $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+try {
+    ldap_search($link, "", []);
+} catch (TypeError $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
 ?>
 --EXPECTF--
 Warning: ldap_search(): Search: No such object in %s on line %d
@@ -49,3 +61,5 @@ bool(false)
 ldap_search(): Argument #1 ($ldap) cannot be empty
 ldap_search(): Argument #2 ($base) must have the same number of elements as the links array
 ldap_search(): Argument #3 ($filter) must have the same number of elements as the links array
+ldap_search(): Argument #2 ($base) must be of type string when argument #1 ($ldap) is a resource
+ldap_search(): Argument #3 ($filter) must be of type string when argument #1 ($ldap) is a resource