archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.3' into PHP-8.4

Browse source 
* PHP-8.3:
  Fix NULL deref on high modification key
This commit is contained in:
Niels Dossche 2025-04-16 11:38:38 +02:00
commit bfa2cfc9ed
No known key found for this signature in database
GPG key ID: B8A8AD166DF0E2E5
3 changed files with 19 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
NEWS
View file

@ -26,6 +26,7 @@ PHP NEWS
- LDAP: - LDAP:
. Fixed bug GH-17776 (LDAP_OPT_X_TLS_* options can't be overridden). (Remi) . Fixed bug GH-17776 (LDAP_OPT_X_TLS_* options can't be overridden). (Remi)
. Fix NULL deref on high modification key. (nielsdos)
- libxml: - libxml:
. Fixed custom external entity loader returning an invalid resource leading . Fixed custom external entity loader returning an invalid resource leading

8
ext/ldap/ldap.c
View file

@ -2787,12 +2787,12 @@ PHP_FUNCTION(ldap_modify_batch)
ldap_mods = safe_emalloc((num_mods+1), sizeof(LDAPMod *), 0); ldap_mods = safe_emalloc((num_mods+1), sizeof(LDAPMod *), 0);
/* for each modification */ /* for each modification */
for (i = 0; i < num_mods; i++) { i = 0;
ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(mods), fetched) {
/* allocate the modification struct */ /* allocate the modification struct */
ldap_mods[i] = safe_emalloc(1, sizeof(LDAPMod), 0); ldap_mods[i] = safe_emalloc(1, sizeof(LDAPMod), 0);
/* fetch the relevant data */ /* fetch the relevant data */
fetched = zend_hash_index_find(Z_ARRVAL_P(mods), i);
mod = fetched; mod = fetched;
_ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_ATTRIB, &attrib); _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_ATTRIB, &attrib);
@ -2857,7 +2857,9 @@ PHP_FUNCTION(ldap_modify_batch)
/* NULL-terminate values */ /* NULL-terminate values */
ldap_mods[i]->mod_bvalues[num_modvals] = NULL; ldap_mods[i]->mod_bvalues[num_modvals] = NULL;
} }
}
i++;
} ZEND_HASH_FOREACH_END();
/* NULL-terminate modifications */ /* NULL-terminate modifications */
ldap_mods[num_mods] = NULL; ldap_mods[num_mods] = NULL;

13
ext/ldap/tests/ldap_modify_batch_error.phpt
View file

@ -59,6 +59,16 @@ $mods = array(
) )
); );
var_dump(ldap_modify_batch($link, "dc=my-domain,$base", $mods));
// high key with invalid attribute type
$mods = [
99999 => [
"attrib" => "weirdAttribute",
"modtype" => LDAP_MODIFY_BATCH_ADD,
"values" => ["value1"],
],
];
var_dump(ldap_modify_batch($link, "dc=my-domain,$base", $mods)); var_dump(ldap_modify_batch($link, "dc=my-domain,$base", $mods));
?> ?>
--CLEAN-- --CLEAN--
@ -81,3 +91,6 @@ bool(false)
Warning: ldap_modify_batch(): Batch Modify: Undefined attribute type in %s on line %d Warning: ldap_modify_batch(): Batch Modify: Undefined attribute type in %s on line %d
bool(false) bool(false)
Warning: ldap_modify_batch(): Batch Modify: Undefined attribute type in %s on line %d
bool(false)