php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #36559 ldap_search Causes Access Violation
Submitted: 2006-02-28 16:16 UTC Modified: 2006-06-14 16:34 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: joseph dot r dot gruber at lmco dot com Assigned:
Status: Not a bug Package: LDAP related
PHP Version: 5.1.2 OS: Windows 2000 SP4
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: joseph dot r dot gruber at lmco dot com
New email:
PHP Version: OS:

 

 [2006-02-28 16:16 UTC] joseph dot r dot gruber at lmco dot com 
Description:
------------
When attempting to search a Windows 2000 Active Directory via LDAP, PHP will crash with an Access Violation.  This will only occur during certain (reproducible) LDAP queries.  For example:

Works: 
$s = ldap_search($conn,"DC=u,DC=contoso,DC=com","(&(objectCategory=group)(name=group.name.domain))",array("cn","samaccountname"));

Doesn't Work:
$s = ldap_search($conn,"DC=u,DC=contoso,DC=com","(&(objectCategory=group)(name=group.name.domain2))",array("cn","samaccountname"));

Where the only difference is in the filter.

Server: IIS 5.1 on Windows 2000 with PHP 5.1.2.  Attempted 5.1.3 (latest snapshot) and issue still occurs.

Reproduce code:
---------------
<?
$conn = ldap_connect("rootdc.contoso.com");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

$bind = ldap_bind($conn, "user@contoso.com", "paSSw0rd");

$filter = "(&(objectCategory=group)(name=group.name.domain2))";
$fields = array("member","cn","description","distinguishedname","objectcategory","samaccountname","canonicalname");
$search = ldap_search($conn,"DC=u,DC=contoso,DC=com",$filter,$fields);

$entries = ldap_get_entries($conn, $search);

var_dump($entries);
?>

Expected result:
----------------
Expected to return fields listed in the $fields array in the $entries array.

Actual result:
--------------
The page load terminates and reports: "PHP has encountered an Access Violation at 01CE5CE6"

Backtrace (NOTE: php.exe used for debugging.  Normally use IIS5.1 w/php5isapi.dll):

Unhandled exception in php.exe (PHP_LDAP.dll): 0xC0000005: Access Violation

Call Stack:
PHP_LDAP! 00f95ce6()

Disassembly:
00F95CE6   mov   eax,dword ptr [esi+18h]

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-02-28 16:24 UTC] joseph dot r dot gruber at lmco dot com 
Updated Backtrace:

PHP_LDAP! ldap_result + 822 bytes
PHP_LDAP! ldap_result + 79 bytes
PHP_LDAP! ldap_sasl_bind_s + 152 bytes
PHP_LDAP! ldap_simple_bind_s + 108 bytes
PHP_LDAP! ldap_bind_s + 75 bytes
PHP_LDAP! ldap_new_connection + 458 bytes
PHP_LDAP! ldap_send_server_request + 132 bytes
PHP_LDAP! ldap_chase_v3referrals + 462 bytes
PHP_LDAP! ldap_result + 1659 bytes
PHP_LDAP! ldap_result + 874 bytes
PHP_LDAP! ldap_result + 79 bytes
PHP_LDAP! ldap_sasl_bind_s + 152 bytes
PHP_LDAP! ldap_simple_bind_s + 108 bytes
PHP_LDAP! ldap_bind_s + 75 bytes
PHP_LDAP! ldap_new_connection + 458 bytes
PHP_LDAP! ldap_send_server_request + 132 bytes
PHP_LDAP! ldap_chase_v3referrals + 462 bytes
PHP_LDAP! ldap_result + 1659 bytes
PHP_LDAP! ldap_result + 874 bytes
PHP_LDAP! ldap_result + 79 bytes
PHP_LDAP! ldap_sasl_bind_s + 152 bytes
PHP_LDAP! ldap_simple_bind_s + 108 bytes
PHP_LDAP! ldap_bind_s + 75 bytes
PHP_LDAP! ldap_new_connection + 458 bytes
PHP_LDAP! ldap_send_server_request + 132 bytes
PHP_LDAP! ldap_chase_v3referrals + 462 bytes
PHP_LDAP! ldap_result + 1659 bytes
PHP_LDAP! ldap_result + 874 bytes
PHP_LDAP! ldap_result + 79 bytes
PHP_LDAP! ldap_search_s + 67 bytes
php_ldap_do_search(int 0x00f92325, _zval_struct * 0x00d411f4, _zval_struct * * 0x00d4dc18, _zval_struct * 0x00000000, int 0x00000000, void * * * 0x00000001, int 0x00ba24c0) line 874 + 37 bytes
zif_ldap_search(int 0x00000004, _zval_struct * 0x00d4dc18, _zval_struct * * 0x00000000, _zval_struct * 0x00000000, int 0x00000001, void * * * 0x00ba24c0) line 925 + 37 bytes
PHP5TS! 10018f02()
 [2006-03-02 15:32 UTC] joseph dot r dot gruber at lmco dot com 
Update:  This issue is occuring in the 5.1.x-dev snap as well as the 6.0-dev snap.

The issue also only occurs on Windows 2000.  It does not occur on Windows 2003 nor Windows XP.
 [2006-06-14 16:34 UTC] sniper@php.net 
There's something wrong with your win2k system. No bug, works fine for me.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Mar 14 23:01:29 2025 UTC