php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69574 ldap timeouts not enforced
Submitted: 2015-05-05 13:54 UTC Modified: 2015-09-10 10:00 UTC
From: ryan dot brothers at gmail dot com Assigned: mcmic
Status: Closed Package: LDAP related
PHP Version: 5.6.8 OS: Linux
Private report: No CVE-ID:
 [2015-05-05 13:54 UTC] ryan dot brothers at gmail dot com
Description:
------------
I am trying to simulate a LDAP server timing out.  I'm setting the options LDAP_OPT_NETWORK_TIMEOUT and LDAP_OPT_TIMELIMIT, but the script runs indefinitely without timing out.

In one ssh session, I am running the following command to simulate a socket listener:

nc -l 1234

If I run the below script in a second ssh session, it runs forever and never times out.

Is there a way to have this script timeout after a certain number of seconds?


Test script:
---------------
<?php
$ldap = ldap_connect('127.0.0.1:1234');

ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 3);
ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 3);

ldap_bind($ldap);


Expected result:
----------------
Script times out in 3 seconds.


Actual result:
--------------
Script never times out.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-09-09 13:47 UTC] mcmic@php.net
I can’t reproduce this, I tried your script, I got «PHP Warning:  ldap_connect(): Could not create session handle: Bad parameter to an ldap routine in /tmp/test.php on line 3»
So I replaced the call to ldap_connect by «$ldap = ldap_connect('127.0.0.1:1234');»
I launched «nc -l 1234» in a shell, in an other one the PHP script, I only got «PHP Warning:  ldap_bind(): Unable to bind to server: Can't contact LDAP server in /tmp/test.php on line 8» immediatly, not even after 3 seconds.

Not sure how to test this otherwise…
 [2015-09-09 13:48 UTC] mcmic@php.net
I meant I replaced it by «$ldap = ldap_connect('localhost', 1234);», sorry.
 [2015-09-09 13:51 UTC] mcmic@php.net
Ok, got it, I had to do «nc -l -p 1234» instead of «nc -l 1234».
I can reproduce the bug.
 [2015-09-09 13:51 UTC] mcmic@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: mcmic
 [2015-09-09 15:24 UTC] mcmic@php.net
Ok, so the problem is:

LDAP_OPT_TIMELIMIT is only for searches, not bind operations
LDAP_OPT_NETWORK_TIMEOUT is for socket level timeout, in your test there is no such thing as the nc is indeed listening on the socket.

What you need is LDAP_OPT_TIMEOUT from openldap, which is not available yet in PHP.
So I’m gonna add this to php-ldap as it seems usefull.
 [2015-09-10 10:00 UTC] mcmic@php.net
-Status: Assigned +Status: Closed
 [2015-09-10 10:00 UTC] mcmic@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

I added support for LDAP_OPT_TIMEOUT, please check that it fixes your problem.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sat Jul 22 20:01:35 2017 UTC