Fix null byte in LDAP bindings

author: Stanislav Malyshev <stas@php.net> 2014-04-13 20:43:46 -0700
committer: Stanislav Malyshev <stas@php.net> 2014-04-14 10:46:46 -0700
commit: ed4de188dd1c15d278a8250e6be3cba142bba6af (patch)
tree: 5ca065e59cfaef12f07bd47c69450e4e9c2c433c /ext/ldap
parent: 7f43aeb1675994ce0b00a1113fb69ea468f9f884 (diff)
download: php-git-ed4de188dd1c15d278a8250e6be3cba142bba6af.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 10daa82f36..da5aa5f9cd 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind)
 		RETURN_FALSE;
 	}
 
+	if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+		RETURN_FALSE;
+	}
+
+	if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+		RETURN_FALSE;
+	}
+
 	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
 
 	if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {
author	Stanislav Malyshev <stas@php.net>	2014-04-13 20:43:46 -0700
committer	Stanislav Malyshev <stas@php.net>	2014-04-14 10:46:46 -0700
commit	ed4de188dd1c15d278a8250e6be3cba142bba6af (patch)
tree	5ca065e59cfaef12f07bd47c69450e4e9c2c433c /ext/ldap
parent	7f43aeb1675994ce0b00a1113fb69ea468f9f884 (diff)
download	php-git-ed4de188dd1c15d278a8250e6be3cba142bba6af.tar.gz