1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
From: Stanislav Malyshev <stas@php.net>
Date: Mon, 14 Apr 2014 03:43:46 +0000 (-0700)
Subject: Fix null byte in LDAP bindings
X-Git-Tag: php-5.4.28RC1~5
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
Fix null byte in LDAP bindings
---
Index: php5-5.3.3/NEWS
===================================================================
--- php5-5.3.3.orig/NEWS 2014-11-23 16:59:26.000000000 +0100
+++ php5-5.3.3/NEWS 2014-11-23 17:00:13.000000000 +0100
@@ -1,5 +1,9 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+LTS Version
+- LDAP:
+ . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
+
22 Jul 2010, PHP 5.3.3
- Upgraded bundled sqlite to version 3.6.23.1. (Ilia)
- Upgraded bundled PCRE to version 8.02. (Ilia)
Index: php5-5.3.3/ext/ldap/ldap.c
===================================================================
--- php5-5.3.3.orig/ext/ldap/ldap.c 2014-11-23 16:59:26.000000000 +0100
+++ php5-5.3.3/ext/ldap/ldap.c 2014-11-23 16:59:26.000000000 +0100
@@ -390,6 +390,16 @@
RETURN_FALSE;
}
+ if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+ RETURN_FALSE;
+ }
+
+ if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+ RETURN_FALSE;
+ }
+
ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {
|
