From ed4de188dd1c15d278a8250e6be3cba142bba6af Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 13 Apr 2014 20:43:46 -0700
Subject: Fix null byte in LDAP bindings

---
 ext/ldap/ldap.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'ext/ldap')

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 10daa82f36..da5aa5f9cd 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind)
 		RETURN_FALSE;
 	}
 
+	if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+		RETURN_FALSE;
+	}
+
+	if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+		RETURN_FALSE;
+	}
+
 	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
 
 	if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {
-- 
cgit v1.2.1