Fix null byte in LDAP bindings

author: Stanislav Malyshev <stas@php.net> 2014-04-13 20:43:46 -0700
committer: Stanislav Malyshev <stas@php.net> 2014-04-14 10:53:08 -0700
commit: 9af0756dd563d4eef7ce9492a6abb1b99ef74637 (patch)
tree: 34e132ef688ab61c7f1b09cfc0e24e220b72cb51 /ext/ldap/ldap.c
parent: fb96a62b7d5697ea78be0eba20785ecc07bc9bce (diff)
download: php-git-9af0756dd563d4eef7ce9492a6abb1b99ef74637.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index f5583cd8c0..50055a25a7 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -405,6 +405,16 @@ PHP_FUNCTION(ldap_bind)
 		RETURN_FALSE;
 	}
 
+	if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+		RETURN_FALSE;
+	}
+
+	if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+		RETURN_FALSE;
+	}
+
 	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
 
 	if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {
author	Stanislav Malyshev <stas@php.net>	2014-04-13 20:43:46 -0700
committer	Stanislav Malyshev <stas@php.net>	2014-04-14 10:53:08 -0700
commit	9af0756dd563d4eef7ce9492a6abb1b99ef74637 (patch)
tree	34e132ef688ab61c7f1b09cfc0e24e220b72cb51 /ext/ldap/ldap.c
parent	fb96a62b7d5697ea78be0eba20785ecc07bc9bce (diff)
download	php-git-9af0756dd563d4eef7ce9492a6abb1b99ef74637.tar.gz