From b03438ba3addd4467704a0aaa58a1c54432579e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1t=C3=A9=20Kocsis?=
Date: Mon, 15 Mar 2021 23:07:05 +0100
Subject: Fix crash in LDAP search functions during argument validation
---
 ext/ldap/ldap.c | 4 ++++
 ext/ldap/tests/ldap_search_error.phpt | 14 ++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index dde62b3810..c4dfe0c5b0 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -1602,11 +1602,15 @@ cleanup_parallel:
 if (!base_dn_str) {
 zend_argument_type_error(2, "must be of type string when argument #1 ($ldap) is a resource");
+ ret = 0;
+ goto cleanup;
 }
 ldap_base_dn = zend_string_copy(base_dn_str);
 if (!filter_str) {
 zend_argument_type_error(3, "must be of type string when argument #1 ($ldap) is a resource");
+ ret = 0;
+ goto cleanup;
 }
 ldap_filter = zend_string_copy(filter_str);
diff --git a/ext/ldap/tests/ldap_search_error.phpt b/ext/ldap/tests/ldap_search_error.phpt
index 7041c66746..3e8167bf2c 100644
--- a/ext/ldap/tests/ldap_search_error.phpt
+++ b/ext/ldap/tests/ldap_search_error.phpt
@@ -39,6 +39,18 @@ try {
 echo $exception->getMessage() . "\n";
 }
+try {
+ ldap_search($link, [], []);
+} catch (TypeError $exception) {
+ echo $exception->getMessage() . "\n";
+}
+
+try {
+ ldap_search($link, "", []);
+} catch (TypeError $exception) {
+ echo $exception->getMessage() . "\n";
+}
+
 ?>
 --EXPECTF--
 Warning: ldap_search(): Search: No such object in %s on line %d
@@ -49,3 +61,5 @@ bool(false)
 ldap_search(): Argument #1 ($ldap) cannot be empty
 ldap_search(): Argument #2 ($base) must have the same number of elements as the links array
 ldap_search(): Argument #3 ($filter) must have the same number of elements as the links array
+ldap_search(): Argument #2 ($base) must be of type string when argument #1 ($ldap) is a resource
+ldap_search(): Argument #3 ($filter) must be of type string when argument #1 ($ldap) is a resource
--
cgit v1.2.1
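Review bot: Both new `goto cleanup;` exits in the resource branch depend on the `cleanup:` label coping with partially initialised state, and that label lies outside the hunk, so it needs checking before merge. The first jump is taken before `ldap_base_dn` is assigned, and the second after `ldap_base_dn` holds a copied reference but before `ldap_filter` does. Cleanup therefore has to release each string only when it is non-NULL, otherwise the fix trades the NULL dereference in `zend_string_copy()` for a leak or a second crash. A short comment above the first check, for example `/* zend_argument_type_error() returns after throwing; bail out so zend_string_copy() never sees NULL */`, would stop the exit being removed as redundant later.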
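Review bot: The two added cases call only `ldap_search()`, although the commit subject says the crash was in the LDAP search functions. If `ldap_list()` and `ldap_read()` go through the same validation in ldap.c, which this page does not show, the same pair of calls should be added for each so a regression in any entry point fails the test. The test script begins outside the hunk, so how `$link` is set up is not visible from here.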