diff options
author | Matthew Daley <mattd@bugfuzz.com> | 2014-09-28 17:49:35 +1300 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2014-09-28 12:23:52 -0700 |
commit | fcbe20d3577ad261f4b8a77714a2fb6facc85dbd (patch) | |
tree | 68f43df6c09734421e957f294c8dcb876b7d16c0 | |
parent | 2711948d14cbcd5ababf82cae55ef25f3f870e1f (diff) | |
download | php-git-fcbe20d3577ad261f4b8a77714a2fb6facc85dbd.tar.gz |
Set an LDAP error code when failing ldap_bind due to null bytes
Some applications check a LDAP link's error code after seeing ldap_bind
fail due to a null byte bind attempt and hence incorrectly receive the
last set error code.
Fix by setting an LDAP error code before returning in this case.
-rw-r--r-- | ext/ldap/ldap.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c index 9fe48a03aa..2dabc34c40 100644 --- a/ext/ldap/ldap.c +++ b/ext/ldap/ldap.c @@ -385,6 +385,23 @@ static int _get_lderrno(LDAP *ldap) } /* }}} */ +/* {{{ _set_lderrno + */ +static void _set_lderrno(LDAP *ldap, int lderr) +{ +#if !HAVE_NSLDAP +#if LDAP_API_VERSION > 2000 || HAVE_ORALDAP + /* New versions of OpenLDAP do it this way */ + ldap_set_option(ldap, LDAP_OPT_ERROR_NUMBER, &lderr); +#else + ldap->ld_errno = lderr; +#endif +#else + ldap_set_lderrno(ldap, lderr, NULL, NULL); +#endif +} +/* }}} */ + /* {{{ proto bool ldap_bind(resource link [, string dn [, string password]]) Bind to LDAP directory */ PHP_FUNCTION(ldap_bind) @@ -399,18 +416,20 @@ PHP_FUNCTION(ldap_bind) RETURN_FALSE; } + ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link); + if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) { + _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS); php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte"); RETURN_FALSE; } if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) { + _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte"); RETURN_FALSE; } - ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link); - if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to bind to server: %s", ldap_err2string(rc)); RETURN_FALSE; |