Fix null byte in LDAP bindings

author: Stanislav Malyshev <stas@php.net> 2014-04-13 20:43:46 -0700
committer: Stanislav Malyshev <stas@php.net> 2014-04-14 10:51:32 -0700
commit: 59900dd37f836cab2a96e449eace2fa97996aa85 (patch)
tree: a822caa1a6ac3a8881d40d43e89e4d78b81f36c3 /ext/ldap
parent: 41569b10290e31affb7d8a4e5623b051790fab05 (diff)
download: php-git-59900dd37f836cab2a96e449eace2fa97996aa85.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index f5583cd8c0..50055a25a7 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -405,6 +405,16 @@ PHP_FUNCTION(ldap_bind)
 		RETURN_FALSE;
 	}
 
+	if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+		RETURN_FALSE;
+	}
+
+	if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+		RETURN_FALSE;
+	}
+
 	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
 
 	if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {
author	Stanislav Malyshev <stas@php.net>	2014-04-13 20:43:46 -0700
committer	Stanislav Malyshev <stas@php.net>	2014-04-14 10:51:32 -0700
commit	59900dd37f836cab2a96e449eace2fa97996aa85 (patch)
tree	a822caa1a6ac3a8881d40d43e89e4d78b81f36c3 /ext/ldap
parent	41569b10290e31affb7d8a4e5623b051790fab05 (diff)
download	php-git-59900dd37f836cab2a96e449eace2fa97996aa85.tar.gz