archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-7.4'

Browse source 
* PHP-7.4:
  Fix some memory bugs in ldap.c
This commit is contained in:
Nikita Popov 2020-07-10 09:50:12 +02:00
commit bee2cf0899
1 changed files with 36 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

44
ext/ldap/ldap.c
View file

@ -280,7 +280,8 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
int control_iscritical = 0, rc = LDAP_SUCCESS;
char** ldap_attrs = NULL;
LDAPSortKey** sort_keys = NULL;
zend_string *tmpstring = NULL;
zend_string *tmpstring = NULL, **tmpstrings1 = NULL, **tmpstrings2 = NULL;
size_t num_tmpstrings1 = 0, num_tmpstrings2 = 0;
if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "oid", sizeof("oid") - 1)) == NULL) {
php_error_docref(NULL, E_WARNING, "Control must have an oid key");
@ -394,7 +395,6 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
if (ber_flatten2(vrber, control_value, 0) == -1) {
rc = -1;
}
ber_free(vrber, 1);
}
}
}
@ -416,6 +416,8 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
num_attribs = zend_hash_num_elements(Z_ARRVAL_P(tmp));
ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
tmpstrings1 = safe_emalloc(num_attribs, sizeof(zend_string*), 0);
num_tmpstrings1 = 0;
for (i = 0; i<num_attribs; i++) {
if ((attr = zend_hash_index_find(Z_ARRVAL_P(tmp), i)) == NULL) {
@ -424,12 +426,13 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
goto failure;
}
tmpstring = zval_get_string(attr);
tmpstrings1[num_tmpstrings1] = zval_get_string(attr);
if (EG(exception)) {
rc = -1;
goto failure;
}
ldap_attrs[i] = ZSTR_VAL(tmpstring);
ldap_attrs[i] = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
++num_tmpstrings1;
}
ldap_attrs[num_attribs] = NULL;
@ -454,6 +457,10 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
num_keys = zend_hash_num_elements(Z_ARRVAL_P(val));
sort_keys = safe_emalloc((num_keys+1), sizeof(LDAPSortKey*), 0);
tmpstrings1 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
tmpstrings2 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
num_tmpstrings1 = 0;
num_tmpstrings2 = 0;
for (i = 0; i<num_keys; i++) {
if ((sortkey = zend_hash_index_find(Z_ARRVAL_P(val), i)) == NULL) {
@ -468,20 +475,22 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
goto failure;
}
sort_keys[i] = emalloc(sizeof(LDAPSortKey));
tmpstring = zval_get_string(tmp);
tmpstrings1[num_tmpstrings1] = zval_get_string(tmp);
if (EG(exception)) {
rc = -1;
goto failure;
}
sort_keys[i]->attributeType = ZSTR_VAL(tmpstring);
sort_keys[i]->attributeType = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
++num_tmpstrings1;
if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "oid", sizeof("oid") - 1)) != NULL) {
tmpstring = zval_get_string(tmp);
tmpstrings2[num_tmpstrings2] = zval_get_string(tmp);
if (EG(exception)) {
rc = -1;
goto failure;
}
sort_keys[i]->orderingRule = ZSTR_VAL(tmpstring);
sort_keys[i]->orderingRule = ZSTR_VAL(tmpstrings2[num_tmpstrings2]);
++num_tmpstrings2;
} else {
sort_keys[i]->orderingRule = NULL;
}
@ -588,6 +597,20 @@ failure:
if (tmpstring != NULL) {
zend_string_release(tmpstring);
}
if (tmpstrings1 != NULL) {
int i;
for (i = 0; i < num_tmpstrings1; ++i) {
zend_string_release(tmpstrings1[i]);
}
efree(tmpstrings1);
}
if (tmpstrings2 != NULL) {
int i;
for (i = 0; i < num_tmpstrings2; ++i) {
zend_string_release(tmpstrings2[i]);
}
efree(tmpstrings2);
}
if (control_value != NULL) {
ber_memfree(control_value);
control_value = NULL;
@ -4207,6 +4230,11 @@ PHP_FUNCTION(ldap_exop_passwd)
lnewpw.bv_len > 0 ? &lnewpw : NULL,
requestctrls,
NULL, &msgid);
if (requestctrls != NULL) {
efree(requestctrls);
}
if (rc != LDAP_SUCCESS ) {
php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
RETURN_FALSE;