Bug #78450 ldap_parse_result() sets size of LDAP Control LDAP_CONTROL_PAGEDRESULTS to 0
Submitted: 2019-08-24 11:38 UTC Modified: 2021-03-23 13:45 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: kagome at opentrash dot com Assigned:
Status: Not a bug Package: LDAP related
PHP Version: 7.3.8 OS: Windows 10 / Server 2016
Private report: No CVE-ID: None
 [2019-08-24 11:38 UTC] kagome at opentrash dot com
Description:
------------
ldap_parse_result() sets "size" of LDAP Control LDAP_CONTROL_PAGEDRESULTS to 0 instead of keeping the old value.

Test script:
---------------
Basically the code is the same as here: https://www.php.net/manual/en/function.ldap-control-paged-result.php
$searchValue = ldap_escape("P", "", LDAP_ESCAPE_FILTER); // Looking for computers that have P in their name (in my case more than 2000)
// $ldapconn is a valid link identifier for a directory server
// $ldaptree is a valid ldaptree
$serverctrls = array(); // I need paged results because the Active Directory shows only 1000 Entries max.
$serverctrls[LDAP_CONTROL_PAGEDRESULTS] = array("oid" => LDAP_CONTROL_PAGEDRESULTS,
                                                "value" => array("size" => 999,
                                                                "cookie" => ""));
$resultData = array(); // Array to store all results
do
{
    var_dump($serverctrls);
    $result = ldap_search($ldapconn,
                            $ldaptree,
                            "(&(objectClass=person)(objectClass=user)(objectClass=organizationalPerson)(objectClass=computer)(|(samaccountname=*".$searchValue."*)(name=*".$searchValue."*)))",
                            array("*"), // default Parameter https://www.php.net/manual/en/function.ldap-search.php
                            0, // default Parameter
                            -1, // default Parameter
                            -1, // default Parameter
                            LDAP_DEREF_NEVER, // default Parameter
                            $serverctrls);
    $errcode = $dn = $errmsg = $refs =  null;
    ldap_parse_result($ldapconn, $result, $errcode, $dn, $errmsg, $refs, $serverctrls); // this will update my LDAP controls $serverctrls with cookie info
    $data = ldap_get_entries($ldapconn, $result);
    for ($i=0; $i<$data["count"]; $i++)
    {
        array_push($resultData, $data[$i]); // push all single Entries to a big array
    }
}while($serverctrls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] !== null && $serverctrls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] != '');
return $resultData;

Expected result:
----------------
Check the var_dump line:
On first run in do-Loop I expect:
array(1) {
  ["1.2.840.113556.1.4.319"]=>
  array(2) {
    ["oid"]=>
    string(22) "1.2.840.113556.1.4.319"
    ["value"]=>
    array(2) {
      ["size"]=>
      int(999)
      ["cookie"]=>
      string(0) ""
    }
  }
}

on the second run in do-Loop I expect:

array(1) {
  ["1.2.840.113556.1.4.319"]=>
  array(2) {
    ["oid"]=>
    string(22) "1.2.840.113556.1.4.319"
    ["value"]=>
    array(2) {
      ["size"]=>
      int(999)
      ["cookie"]=>
      string(0) "CookieContentInformation-bla"
    }
  }
}

So Cookie Information is filled.

Actual result:
--------------
What I get on second run in do-Loop is:

array(1) {
  ["1.2.840.113556.1.4.319"]=>
  array(2) {
    ["oid"]=>
    string(22) "1.2.840.113556.1.4.319"
    ["value"]=>
    array(2) {
      ["size"]=>
      int(0)
      ["cookie"]=>
      string(0) "CookieContentInformation-bla"
    }
  }
}

Why is "size"-key now 0?

 [2019-08-24 13:03 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2019-08-24 13:03 UTC] cmb@php.net
It seems to me that the implementation of ldap_parse_result() is
severely broken, since it confuses zvals with completely unrelated
types.
 [2021-03-22 11:04 UTC] mcmic@php.net
No, your code is not the same as the example, you use the same array for request and response, and thus you erase your request control with the response control.

In the RFC for paged control: «In the control returned to the client, the size MAY be set to the server's estimate of the total number of entries in the entire result set. Servers that cannot provide such an estimate MAY set this size to zero (0).»

So it is expected that size may be 0 in the response control, and it will NOT be the page size anyway.
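
The paging loop with request and response controls kept in separate variables, as an added example that is not part of the original thread or of PHP's own code. The helper name searchAllPages() and its parameters are hypothetical; only the cookie is carried from the response into the next request, so the requested page size never changes.

```php
<?php
// Added example; searchAllPages() is a hypothetical helper, not a PHP built-in.
// $ldapconn must be a bound LDAP link; $filter must already be escaped by the caller.
function searchAllPages($ldapconn, string $baseDn, string $filter, int $pageSize = 999): array
{
    $entries = [];
    $cookie  = '';
    do {
        // Request control: rebuilt on every iteration from our own page size
        // and the cookie returned by the previous response.
        $requestCtrls = [[
            'oid'   => LDAP_CONTROL_PAGEDRESULTS,
            'value' => ['size' => $pageSize, 'cookie' => $cookie],
        ]];
        $result = ldap_search($ldapconn, $baseDn, $filter, ['*'],
                              0, -1, -1, LDAP_DEREF_NEVER, $requestCtrls);
        if ($result === false) {
            throw new RuntimeException('ldap_search failed: ' . ldap_error($ldapconn));
        }

        // Response control: a separate variable. Its "size" is the server's
        // estimate of the total result set (possibly 0), not the page size.
        $errcode = $dn = $errmsg = $refs = null;
        $responseCtrls = [];
        $ok = ldap_parse_result($ldapconn, $result, $errcode, $dn, $errmsg,
                                $refs, $responseCtrls);
        if (!$ok || $errcode !== 0) {
            throw new RuntimeException("LDAP error $errcode: $errmsg");
        }

        $page = ldap_get_entries($ldapconn, $result);
        for ($i = 0; $i < $page['count']; $i++) {
            $entries[] = $page[$i];
        }

        // Only the cookie goes back into the next request; empty means last page.
        $cookie = $responseCtrls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
    } while ($cookie !== '');

    return $entries;
}

// Usage (assumes $ldapconn and $ldaptree as in the report above):
// $needle = ldap_escape("P", "", LDAP_ESCAPE_FILTER);
// $all = searchAllPages($ldapconn, $ldaptree, "(&(objectClass=computer)(name=*$needle*))");
```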
 [2021-03-23 13:37 UTC] cmb@php.net
Disregard my comment above; I totally misread the code.
 [2021-03-23 13:45 UTC] mcmic@php.net
-Status: Verified +Status: Not a bug
 [2021-03-23 13:45 UTC] mcmic@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php


 
Last updated: Sat Apr 20 06:01:28 2024 UTC