php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70465 Bug in ldap_search() modifies LDAP_OPT_TIMELIMIT/DEREF's values
Submitted: 2015-09-09 01:58 UTC Modified: 2015-09-09 09:34 UTC
From: tandre at ifwe dot co Assigned: mcmic
Status: Closed Package: LDAP related
PHP Version: 5.5.29 OS: All
Private report: No CVE-ID:
 [2015-09-09 01:58 UTC] tandre at ifwe dot co
Description:
------------
LDAP_OPT_TIMELIMIT and LDAP_OPT_DEREF's original values weren't
saved properly because of a bug introduced when copy and pasting.

This lead to the original timeout being changed
when specifying a temporary override (e.g. for ldap_search(..., $timeout))

(Discovered on PHP-5.6.12 on Centos 6.5, using openLDAP libraries)
(Fixed in https://github.com/php/php-src/pull/1512)
(PHP-5.5 and 5.4 are also affected, but a separate patch would be needed for 5.4 because of merge conflicts)

Test script:
---------------
https://github.com/TysonAndre/php-src/blob/ldap-fix-saving-timeout-and-dereference/ext/ldap/tests/ldap_search_overrides.phpt

It can be simplified to:

$link = ldap_connect($host);
ldap_set_option($link, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
ldap_set_option($link, LDAP_OPT_SIZELIMIT, 123);
ldap_set_option($link, LDAP_OPT_TIMELIMIT, 33);
ldap_search($link, $base, $filter, array(), null, 111, 222, LDAP_DEREF_NEVER);
var_dump(
    ldap_get_option($link, LDAP_OPT_DEREF, $option),
    $option,
    ldap_get_option($link, LDAP_OPT_SIZELIMIT, $option),
    $option,
    ldap_get_option($link, LDAP_OPT_TIMELIMIT, $option),
    $option
);


Expected result:
----------------
After executing ldap_search with overrides, I expect ldap_get_option to return the original values of LDAP_OPT_TIMELIMIT and LDAP_OPT_DEREF set by ldap_set_option.

Actual result:
--------------
The value of ldap_get_option($link, LDAP_OPT_DEREF, $option) was clobbered by the $sizelimit override (111)
The value of ldap_get_option($link, LDAP_OPT_TIMELIMIT, $option) was clobbered by the $sizelimit override (111).


Patches

ldap-fix-saving-timeout-and-dereference (last revision 2015-09-09 01:59 UTC) by tandre at ifwe dot co)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-09-09 09:34 UTC] mcmic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: mcmic
 [2015-09-09 09:34 UTC] mcmic@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Fixed in PHP-5.6 and master (see https://github.com/php/php-src/pull/1512 )
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC