PHP :: Request #27576 :: Race condition inherent in php

Race condition inherent in php_ldap

Submitted:

2004-03-11 20:09 UTC

Modified:

2017-07-26 10:11 UTC

Votes:	2
Avg. Score:	2.0 ± 1.0
Reproduced:	0 of 0 (0.0%)

From:

jcllings at javahop dot com

Assigned:

Status:

Not a bug

Package:

LDAP related

PHP Version:

7.1

OS:

Probably ALL

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jcllings at javahop dot com
New email:
PHP Version:		OS:

New Comment:

[2004-03-11 20:09 UTC] jcllings at javahop dot com

Description:
------------
From the documentation: 

ldap_modify() function is used to modify the existing entries in the
LDAP directory. The structure of the entry is same as in ldap_add().

...and 

bool ldap_add ( resource link_identifier, string dn, array entry)

The replace also has the same prototype:
bool ldap_mod_replace ( resource link_identifier, string dn, array entry)

Where, according to the doc, 'resource link_identifier' is the connection, 'string dn' is who to bind as and 'array entry' is the modified data.  No ability to specify *what* to modify so we will have to perform a separate action to retrieve this.  In the meantime the data has been changed by another process, perhaps.

Allow me to further illustrate:

If Jon's email address is the old one, update it to the new one.  This activity cannot be safely performed because using PHP you have to implement it in a two step process creating a potential race condition.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-03-12 03:28 UTC] derick@php.net

This is not really a bug, but more a feature request. Reclassifying.

[2016-12-30 18:56 UTC] cmb@php.net

-Package: Feature/Change Request +Package: LDAP related

[2017-01-09 06:32 UTC] heiglandreas@php.net

-PHP Version: 4.3.5RC3 +PHP Version: 7.1

[2017-07-26 10:11 UTC] mcmic@php.net

-Status: Open +Status: Not a bug

[2017-07-26 10:11 UTC] mcmic@php.net

No, the dn is the dn to modify.

You can use:
ldap_modify($ldap, 'cn=jon,dc=base', ['mail' => 'newmail@example.com']) to change the mail address of jon. No race conditions.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Mar 14 23:01:29 2025 UTC