Fix null byte in LDAP bindings

2024-11-24 18:34:21 +08:00 · 2014-04-13 20:43:46 -07:00 · 2014-04-13 20:43:46 -07:00 · 59900dd37f
commit 59900dd37f
parent 41569b1029
1 changed files with 10 additions and 0 deletions
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@ -405,6 +405,16 @@ PHP_FUNCTION(ldap_bind)
 		RETURN_FALSE;
 	}

+	if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+		RETURN_FALSE;
+	}
+
+	if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+		RETURN_FALSE;
+	}
+
 	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);

 	if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {