PHP :: Bug #48696 :: ldap_read() segfaults with invalid parameters

Bug #48696	ldap_read() segfaults with invalid parameters
Submitted:	2009-06-25 14:45 UTC	Modified:	2009-06-25 15:49 UTC
From:	felipe@php.net	Assigned:	felipe (profile)
Status:	Closed	Package:	LDAP related
PHP Version:	5.3CVS-2009-06-25 (CVS)	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	felipe@php.net
New email:
PHP Version:		OS:

New Comment:

[2009-06-25 14:45 UTC] felipe@php.net

Description:
------------
See below.

Reproduce code:
---------------
ldap_read(1,1,1);

Expected result:
----------------
Warning: ldap_read(): supplied argument is not a valid ldap link resource in Command line code on line 1

Actual result:
--------------
Warning: ldap_read(): supplied argument is not a valid ldap link resource in Command line code on line 1

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb75756c0 (LWP 22084)]
0x0820b9ac in php_ldap_do_search (ht=3, return_value=0xa333094, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0, tsrm_ls=0xa19a070, scope=0)
    at /home/felipe/dev/php5/ext/ldap/ldap.c:810
810		php_set_opts(ld->link, old_ldap_sizelimit, old_ldap_timelimit, old_ldap_deref, &ldap_sizelimit, &ldap_timelimit, &ldap_deref);
(gdb) bt
#0  0x0820b9ac in php_ldap_do_search (ht=3, return_value=0xa333094, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0, tsrm_ls=0xa19a070, scope=0)
    at /home/felipe/dev/php5/ext/ldap/ldap.c:810
#1  0x0820baab in zif_ldap_read (ht=3, return_value=0xa333094, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0, tsrm_ls=0xa19a070)
    at /home/felipe/dev/php5/ext/ldap/ldap.c:824
#2  0x084a2328 in zend_do_fcall_common_helper_SPEC (execute_data=0xa361a54, tsrm_ls=0xa19a070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:313
#3  0x084a848f in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xa361a54, tsrm_ls=0xa19a070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:1601
#4  0x084a10ef in execute (op_array=0xa332f90, tsrm_ls=0xa19a070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#5  0x084607f8 in zend_eval_stringl (str=0xbfc22807 "ldap_read(1,1,1);", str_len=17, retval_ptr=0x0, string_name=0x883dd94 "Command line code", 
    tsrm_ls=0xa19a070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1159
#6  0x08460a7f in zend_eval_stringl_ex (str=0xbfc22807 "ldap_read(1,1,1);", str_len=17, retval_ptr=0x0, string_name=0x883dd94 "Command line code", 
    handle_exceptions=1, tsrm_ls=0xa19a070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1200
#7  0x08460b33 in zend_eval_string_ex (str=0xbfc22807 "ldap_read(1,1,1);", retval_ptr=0x0, string_name=0x883dd94 "Command line code", handle_exceptions=1, 
    tsrm_ls=0xa19a070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1211
#8  0x085525a6 in main (argc=3, argv=0xbfc21ad4) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1227

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-06-25 15:49 UTC] felipe@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2009-09-01 08:42 UTC] svn@php.net

Automatic comment from SVN on behalf of patrickallaert
Revision: http://svn.php.net/viewvc/?view=revision&revision=287936
Log: Fixing #49424 (#48696): segfault while using ldap_search(), ldap_read(),...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 13:01:29 2024 UTC