php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78450 ldap_parse_result() sets size of LDAP Controll LDAP_CONTROL_PAGEDRESULTS to 0
Submitted: 2019-08-24 11:38 UTC Modified: 2019-08-24 13:03 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: kagome at opentrash dot com Assigned:
Status: Verified Package: LDAP related
PHP Version: 7.3.8 OS: Windows 10 / Server 2016
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2019-08-24 11:38 UTC] kagome at opentrash dot com
Description:
------------
ldap_parse_result() sets "size" of LDAP Control LDAP_CONTROL_PAGEDRESULTS to 0 instead of keeping the old value.

Test script:
---------------
Basicly the Code is the same as here: https://www.php.net/manual/en/function.ldap-control-paged-result.php
$searchValue = ldap_escape("P", null, LDAP_ESCAPE_FILTER); // Looking for Computers that has P in name (in my Case more than 2000)
// $ldapconn is a valid link identifier for a directory server
// $ldaptree is a valid ldaptree
$serverctrls = array(); // I need paged results because the Active Directory shows only 1000 Entries max.
$serverctrls[LDAP_CONTROL_PAGEDRESULTS] = array("oid" => LDAP_CONTROL_PAGEDRESULTS,
                                                "value" => array("size" => 999,
                                                                "cookie" => ""));
$resultData = array(); // Array to store all results
do
{
    var_dump($serverctrls);
    $result = ldap_search($ldapconn,
                            $ldaptree,
                            "(&(objectClass=person)(objectClass=user)(objectClass=organizationalPerson)(objectClass=computer)(|(samaccountname=*".$searchValue."*)(name=*".$searchValue."*)))",
                            array("*"), // default Parameter https://www.php.net/manual/en/function.ldap-search.php
                            0, // default Parameter
                            -1, // default Parameter
                            -1, // default Parameter
                            LDAP_DEREF_NEVER, // default Parameter
                            $serverctrls);
    $errcode = $dn = $errmsg = $refs =  null;
    ldap_parse_result($this->ldapconn, $result, $errcode, $dn, $errmsg, $refs ,$serverctrls); // this will update my LDAP Controlls $serverctrls with Cookie infos
    $data = ldap_get_entries($this->ldapconn, $result);
    for ($i=0; $i<$data["count"]; $i++)
    {
        array_push($resultData, $data[$i]); // push all single Entries to a big array
    }
}while($serverctrls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] !== null && $serverctrls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] != '');
return $resultData;

Expected result:
----------------
Check the var_dump line:
On first run in do-Loop I expect:
array(1) {
  ["1.2.840.113556.1.4.319"]=>
  array(2) {
    ["oid"]=>
    string(22) "1.2.840.113556.1.4.319"
    ["value"]=>
    array(2) {
      ["size"]=>
      int(999)
      ["cookie"]=>
      string(0) ""
    }
  }
}

on the second run in do-Loop I expect:

array(1) {
  ["1.2.840.113556.1.4.319"]=>
  array(2) {
    ["oid"]=>
    string(22) "1.2.840.113556.1.4.319"
    ["value"]=>
    array(2) {
      ["size"]=>
      int(999)
      ["cookie"]=>
      string(0) "CookieContentInformation-bla"
    }
  }
}

So Cookie Information is filled.

Actual result:
--------------
What I get on second run in do-Loop is:

array(1) {
  ["1.2.840.113556.1.4.319"]=>
  array(2) {
    ["oid"]=>
    string(22) "1.2.840.113556.1.4.319"
    ["value"]=>
    array(2) {
      ["size"]=>
      int(0)
      ["cookie"]=>
      string(0) "CookieContentInformation-bla"
    }
  }
}

Why is "size"-key now 0?

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-08-24 13:03 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2019-08-24 13:03 UTC] cmb@php.net
It seems to me that the implementation of ldap_parse_result() is
severly broken, since it confuses zvals with completely unrelated
types.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Jul 05 14:01:39 2020 UTC