authorNikita Popov <nikita.ppv@gmail.com>2020-07-10 09:47:59 +0200
committerNikita Popov <nikita.ppv@gmail.com>2020-07-10 09:49:50 +0200
commit22352868ec12330e3c0b4568292f3335d22e9e43 (patch)
tree0a94a5b9ab2ea4cbd8f11eb643ccd9527b9ff3a6
parentdb484b612dc5810466400af08762621bbd8abc5e (diff)
parent23ef0a12851012d6738e4fa01bd9e56005e6b88e (diff)
downloadphp-git-22352868ec12330e3c0b4568292f3335d22e9e43.tar.gz
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3: Fix some memory bugs in ldap.c
-rw-r--r--ext/ldap/ldap.c44
1 files changed, 36 insertions, 8 deletions
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index c09dee52bf..54ba898a3c 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -282,7 +282,8 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
int control_iscritical = 0, rc = LDAP_SUCCESS;
char** ldap_attrs = NULL;
LDAPSortKey** sort_keys = NULL;
- zend_string *tmpstring = NULL;
+ zend_string *tmpstring = NULL, **tmpstrings1 = NULL, **tmpstrings2 = NULL;
+ size_t num_tmpstrings1 = 0, num_tmpstrings2 = 0;
if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "oid", sizeof("oid") - 1)) == NULL) {
php_error_docref(NULL, E_WARNING, "Control must have an oid key");
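Review bot: The new `tmpstrings1`/`tmpstrings2` declarations give no hint of what they own, and the names do not help. A comment above them such as `/* zend_strings whose ZSTR_VAL() pointers are stored in ldap_attrs / sort_keys; released under failure: */` would explain why the strings must outlive the loops that fill them. The function body continues outside this hunk.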
@@ -396,7 +397,6 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
if (ber_flatten2(vrber, control_value, 0) == -1) {
rc = -1;
}
- ber_free(vrber, 1);
}
}
}
@@ -418,6 +418,8 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
num_attribs = zend_hash_num_elements(Z_ARRVAL_P(tmp));
ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
+ tmpstrings1 = safe_emalloc(num_attribs, sizeof(zend_string*), 0);
+ num_tmpstrings1 = 0;
for (i = 0; i<num_attribs; i++) {
if ((attr = zend_hash_index_find(Z_ARRVAL_P(tmp), i)) == NULL) {
@@ -426,12 +428,13 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
goto failure;
}
- tmpstring = zval_get_string(attr);
+ tmpstrings1[num_tmpstrings1] = zval_get_string(attr);
if (EG(exception)) {
rc = -1;
goto failure;
}
- ldap_attrs[i] = ZSTR_VAL(tmpstring);
+ ldap_attrs[i] = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
+ ++num_tmpstrings1;
}
ldap_attrs[num_attribs] = NULL;
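Review bot: The string stored by `tmpstrings1[num_tmpstrings1] = zval_get_string(attr);` is not yet counted when the following `EG(exception)` check jumps to `failure`, so the cleanup loop never releases that slot. Whether this leaks depends on what zval_get_string() returns while an exception is pending, which is not visible here. Counting the slot at the point of storage removes that dependency: `tmpstrings1[num_tmpstrings1++] = zval_get_string(attr);` followed later by `ldap_attrs[i] = ZSTR_VAL(tmpstrings1[num_tmpstrings1 - 1]);`. The same pattern applies to both `tmpstrings1` and `tmpstrings2` in the sort-key hunk at -470; the enclosing loop starts outside this hunk.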
@@ -456,6 +459,10 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
num_keys = zend_hash_num_elements(Z_ARRVAL_P(val));
sort_keys = safe_emalloc((num_keys+1), sizeof(LDAPSortKey*), 0);
+ tmpstrings1 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
+ tmpstrings2 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
+ num_tmpstrings1 = 0;
+ num_tmpstrings2 = 0;
for (i = 0; i<num_keys; i++) {
if ((sortkey = zend_hash_index_find(Z_ARRVAL_P(val), i)) == NULL) {
@@ -470,20 +477,22 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
goto failure;
}
sort_keys[i] = emalloc(sizeof(LDAPSortKey));
- tmpstring = zval_get_string(tmp);
+ tmpstrings1[num_tmpstrings1] = zval_get_string(tmp);
if (EG(exception)) {
rc = -1;
goto failure;
}
- sort_keys[i]->attributeType = ZSTR_VAL(tmpstring);
+ sort_keys[i]->attributeType = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
+ ++num_tmpstrings1;
if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "oid", sizeof("oid") - 1)) != NULL) {
- tmpstring = zval_get_string(tmp);
+ tmpstrings2[num_tmpstrings2] = zval_get_string(tmp);
if (EG(exception)) {
rc = -1;
goto failure;
}
- sort_keys[i]->orderingRule = ZSTR_VAL(tmpstring);
+ sort_keys[i]->orderingRule = ZSTR_VAL(tmpstrings2[num_tmpstrings2]);
+ ++num_tmpstrings2;
} else {
sort_keys[i]->orderingRule = NULL;
}
@@ -590,6 +599,20 @@ failure:
if (tmpstring != NULL) {
zend_string_release(tmpstring);
}
+ if (tmpstrings1 != NULL) {
+ int i;
+ for (i = 0; i < num_tmpstrings1; ++i) {
+ zend_string_release(tmpstrings1[i]);
+ }
+ efree(tmpstrings1);
+ }
+ if (tmpstrings2 != NULL) {
+ int i;
+ for (i = 0; i < num_tmpstrings2; ++i) {
+ zend_string_release(tmpstrings2[i]);
+ }
+ efree(tmpstrings2);
+ }
if (control_value != NULL) {
ber_memfree(control_value);
control_value = NULL;
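Review bot: Both cleanup loops declare `int i;` and compare it against the `size_t` counters `num_tmpstrings1` / `num_tmpstrings2`, which is a signed/unsigned comparison. Declaring the index as `size_t i;` in each block keeps the types consistent and avoids a -Wsign-compare warning. These inner declarations also appear to shadow the `i` that the function's earlier loops use, whose declaration is outside the hunk. A distinct name such as `size_t n;` would sidestep the shadowing as well.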
@@ -4292,6 +4315,11 @@ PHP_FUNCTION(ldap_exop_passwd)
lnewpw.bv_len > 0 ? &lnewpw : NULL,
requestctrls,
NULL, &msgid);
+
+ if (requestctrls != NULL) {
+ efree(requestctrls);
+ }
+
if (rc != LDAP_SUCCESS ) {
php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
RETURN_FALSE;
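Review bot: After `efree(requestctrls);` the pointer keeps its old value while the function goes on to further exit paths outside this hunk, so any later use or second free of it would touch freed memory. Adding `requestctrls = NULL;` inside the new `if` makes that impossible. Note also that efree() releases only the pointer array. Whether the control it points to is freed elsewhere in ldap_exop_passwd is not visible here and is worth confirming.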