author | Nikita Popov <nikita.ppv@gmail.com> | 2020-07-10 09:47:59 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-07-10 09:49:50 +0200 |
commit | 22352868ec12330e3c0b4568292f3335d22e9e43 (patch) | |
tree | 0a94a5b9ab2ea4cbd8f11eb643ccd9527b9ff3a6 | |
parent | db484b612dc5810466400af08762621bbd8abc5e (diff) | |
parent | 23ef0a12851012d6738e4fa01bd9e56005e6b88e (diff) | |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix some memory bugs in ldap.c
-rw-r--r-- | ext/ldap/ldap.c | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index c09dee52bf..54ba898a3c 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -282,7 +282,8 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
 int control_iscritical = 0, rc = LDAP_SUCCESS;
 char** ldap_attrs = NULL;
 LDAPSortKey** sort_keys = NULL;
- zend_string *tmpstring = NULL;
+ zend_string *tmpstring = NULL, **tmpstrings1 = NULL, **tmpstrings2 = NULL;
+ size_t num_tmpstrings1 = 0, num_tmpstrings2 = 0;
 if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "oid", sizeof("oid") - 1)) == NULL) {
 php_error_docref(NULL, E_WARNING, "Control must have an oid key");
@@ -396,7 +397,6 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
 if (ber_flatten2(vrber, control_value, 0) == -1) {
 rc = -1;
 }
- ber_free(vrber, 1);
 }
 }
 }
@@ -418,6 +418,8 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
 num_attribs = zend_hash_num_elements(Z_ARRVAL_P(tmp));
 ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
+ tmpstrings1 = safe_emalloc(num_attribs, sizeof(zend_string*), 0);
+ num_tmpstrings1 = 0;
 for (i = 0; i<num_attribs; i++) {
 if ((attr = zend_hash_index_find(Z_ARRVAL_P(tmp), i)) == NULL) {
@@ -426,12 +428,13 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
 goto failure;
 }
- tmpstring = zval_get_string(attr);
+ tmpstrings1[num_tmpstrings1] = zval_get_string(attr);
 if (EG(exception)) {
 rc = -1;
 goto failure;
 }
- ldap_attrs[i] = ZSTR_VAL(tmpstring);
+ ldap_attrs[i] = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
+ ++num_tmpstrings1;
 }
 ldap_attrs[num_attribs] = NULL;
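Review bot: In the attribute loop, `tmpstrings1[num_tmpstrings1]` is written before the `EG(exception)` check but `++num_tmpstrings1` only runs after it, so on the exception path the string just returned by `zval_get_string()` lies outside the range that the `failure:` loop releases. Whether that leaks depends on what `zval_get_string()` returns while an exception is pending, which is not visible here; if it can be a non-interned string, this path drops a reference that the old single-`tmpstring` cleanup used to cover. Counting the slot as soon as it is filled removes the question: `tmpstrings1[num_tmpstrings1++] = zval_get_string(attr);` followed by `ldap_attrs[i] = ZSTR_VAL(tmpstrings1[num_tmpstrings1 - 1]);`. The same ordering applies to both `tmpstrings1` and `tmpstrings2` in the sort-key hunk at -470,20. The body of `_php_ldap_control_from_array` starts and ends outside these hunks.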
@@ -456,6 +459,10 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
 num_keys = zend_hash_num_elements(Z_ARRVAL_P(val));
 sort_keys = safe_emalloc((num_keys+1), sizeof(LDAPSortKey*), 0);
+ tmpstrings1 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
+ tmpstrings2 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
+ num_tmpstrings1 = 0;
+ num_tmpstrings2 = 0;
 for (i = 0; i<num_keys; i++) {
 if ((sortkey = zend_hash_index_find(Z_ARRVAL_P(val), i)) == NULL) {
@@ -470,20 +477,22 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
 goto failure;
 }
 sort_keys[i] = emalloc(sizeof(LDAPSortKey));
- tmpstring = zval_get_string(tmp);
+ tmpstrings1[num_tmpstrings1] = zval_get_string(tmp);
 if (EG(exception)) {
 rc = -1;
 goto failure;
 }
- sort_keys[i]->attributeType = ZSTR_VAL(tmpstring);
+ sort_keys[i]->attributeType = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
+ ++num_tmpstrings1;
 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "oid", sizeof("oid") - 1)) != NULL) {
- tmpstring = zval_get_string(tmp);
+ tmpstrings2[num_tmpstrings2] = zval_get_string(tmp);
 if (EG(exception)) {
 rc = -1;
 goto failure;
 }
- sort_keys[i]->orderingRule = ZSTR_VAL(tmpstring);
+ sort_keys[i]->orderingRule = ZSTR_VAL(tmpstrings2[num_tmpstrings2]);
+ ++num_tmpstrings2;
 } else {
 sort_keys[i]->orderingRule = NULL;
 }
@@ -590,6 +599,20 @@ failure:
 if (tmpstring != NULL) {
 zend_string_release(tmpstring);
 }
+ if (tmpstrings1 != NULL) {
+ int i;
+ for (i = 0; i < num_tmpstrings1; ++i) {
+ zend_string_release(tmpstrings1[i]);
+ }
+ efree(tmpstrings1);
+ }
+ if (tmpstrings2 != NULL) {
+ int i;
+ for (i = 0; i < num_tmpstrings2; ++i) {
+ zend_string_release(tmpstrings2[i]);
+ }
+ efree(tmpstrings2);
+ }
 if (control_value != NULL) {
 ber_memfree(control_value);
 control_value = NULL;
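Review bot: The two release loops added under `failure:` declare `int i` and compare it with `num_tmpstrings1` / `num_tmpstrings2`, which the first hunk declares as `size_t`; that is a signed/unsigned comparison, and the inner `i` probably shadows the loop index used earlier in the function (its declaration is outside the hunks). Declaring the index as `size_t i;` in both blocks matches the counter type and keeps `-Wsign-compare` quiet. The two blocks differ only in the array and counter names, so a small static helper taking the array and its count would remove the duplication. Neither pointer is reset after `efree()`, which is safe only if nothing after `failure:` touches them again; the rest of the cleanup is not visible in the hunk.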
@@ -4292,6 +4315,11 @@ PHP_FUNCTION(ldap_exop_passwd) lnewpw.bv_len > 0 ? &lnewpw : NULL, requestctrls, NULL, &msgid); + + if (requestctrls != NULL) { + efree(requestctrls); + } + if (rc != LDAP_SUCCESS ) { php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc); RETURN_FALSE; |
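Review bot: `requestctrls` is left dangling after the added `efree(requestctrls)`, and the rest of `ldap_exop_passwd` (response handling and cleanup) lies outside the hunk, so any later reference or second release there would touch freed memory. Clearing the pointer in the same place keeps the early release safe to combine with later cleanup: `efree(requestctrls); requestctrls = NULL;`. The hunk frees only the array itself; if the controls it points to are allocated by the LDAP library they need their own release, for example `ldap_control_free()`, before the array is freed, unless that already happens elsewhere in the function.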