archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

ext/ldap: Fix GH-16132 (Freeing pointer not allocated by ZMM)

Browse source 
Closes GH-16134
This commit is contained in:
Gina Peter Banyard 2024-09-30 17:36:23 +01:00
parent 332b067c5e
commit c910e78c39
No known key found for this signature in database
GPG key ID: 3306078E3194AEBD
3 changed files with 60 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ext/ldap/ldap.c
View file

@ -2181,6 +2181,8 @@ static void php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS, int oper, int ext)
convert_to_string(value);
if (EG(exception)) {
RETVAL_FALSE;
num_berval[i] = 0;
num_attribs = i + 1;
goto cleanup;
}
ldap_mods[i]->mod_bvalues[0] = (struct berval *) emalloc (sizeof(struct berval));
@ -2197,6 +2199,8 @@ static void php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS, int oper, int ext)
}
convert_to_string(ivalue);
if (EG(exception)) {
num_berval[i] = j;
num_attribs = i + 1;
RETVAL_FALSE;
goto cleanup;
}

28
ext/ldap/tests/gh16132-1.phpt Normal file
View file

@ -0,0 +1,28 @@
--TEST--
Bug GH-16132: Attempting to free pointer not allocated by ZMM
--EXTENSIONS--
ldap
--FILE--
<?php
/* ldap_add(_ext)(), ldap_mod_replace(_ext)(), ldap_mod_add(_ext)(), and ldap_mod_del(_ext)() share an underlying C function */
/* We are assuming 3333 is not connectable */
$ldap = ldap_connect('ldap://127.0.0.1:3333');
$valid_dn = "cn=userA,something";
$dict_key_value_not_string = [
'attribute1' => new stdClass(),
'attribute2' => [
'value1',
'value2',
],
];
try {
var_dump(ldap_add($ldap, $valid_dn, $dict_key_value_not_string));
} catch (Throwable $e) {
echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}
?>
--EXPECT--
Error: Object of class stdClass could not be converted to string

28
ext/ldap/tests/gh16132-2.phpt Normal file
View file

@ -0,0 +1,28 @@
--TEST--
Bug GH-16132: Attempting to free pointer not allocated by ZMM
--EXTENSIONS--
ldap
--FILE--
<?php
/* ldap_add(_ext)(), ldap_mod_replace(_ext)(), ldap_mod_add(_ext)(), and ldap_mod_del(_ext)() share an underlying C function */
/* We are assuming 3333 is not connectable */
$ldap = ldap_connect('ldap://127.0.0.1:3333');
$valid_dn = "cn=userA,something";
$dict_key_multi_value_not_list_of_strings2 = [
'attribute1' => 'value',
'attribute2' => [
'value1',
new stdClass(),
],
];
try {
var_dump(ldap_add($ldap, $valid_dn, $dict_key_multi_value_not_list_of_strings2));
} catch (Throwable $e) {
echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}
?>
--EXPECT--
Error: Object of class stdClass could not be converted to string