Skip to content

ext/ldap: Various NULL pointer dereferencements in ldap_modify_batch() #16032

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Girgias opened this issue Sep 24, 2024 · 0 comments
Closed

ext/ldap: Various NULL pointer dereferencements in ldap_modify_batch() #16032

Girgias opened this issue Sep 24, 2024 · 0 comments
Assignees
@Girgias
Labels
Bug Extension: ldap Status: Verified

Comments

@Girgias
Copy link
Member

Girgias commented Sep 24, 2024

Description

The following code:

<?php

/* We are assuming 3333 is not connectable */
$ldap = ldap_connect('ldap://127.0.0.1:3333');
$valid_dn = "cn=userA,something";

$modification_missing_attrib_key = [
    [
        "modtype" => LDAP_MODIFY_BATCH_ADD,
        "values"  => ["value1"],
    ],
];
try {
    var_dump(ldap_modify_batch($ldap, $valid_dn, $modification_missing_attrib_key));
} catch (Throwable $e) {
    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}

Resulted in this output:

home/girgias/Dev/php-src/ext/ldap/ldap.c:2762:28: runtime error: member access within null pointer of type 'struct zval'

But I expected this output instead:

A ValueError being thrown

Moreover, the following code:

<?php

/* We are assuming 3333 is not connectable */
$ldap = ldap_connect('ldap://127.0.0.1:3333');
$valid_dn = "cn=userA,something";

$modification_missing_modtype_key = [
    [
        "attrib"  => "attrib1",
        "values"  => ["value1"],
    ],
];
try {
    var_dump(ldap_modify_batch($ldap, $valid_dn, $modification_missing_modtype_key));
} catch (Throwable $e) {
    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}

Resulted in this output:

/home/girgias/Dev/php-src/ext/ldap/ldap.c:2741:11: runtime error: member access within null pointer of type 'struct zval'

But I expected this output instead:

A ValueError being thrown

PHP Version

PHP 8.2

Operating System

No response
@Girgias Girgias self-assigned this Sep 24, 2024
@Girgias Girgias mentioned this issue Sep 24, 2024
Merged
Girgias added a commit to Girgias/php-src that referenced this issue Sep 25, 2024
@Girgias
ext/ldap: Fix phpGH-16032 (Various NULL pointer dereferencements in l…
e36f517 
…dap_modify_batch())
Girgias added a commit that referenced this issue Sep 25, 2024
@Girgias
Merge branch 'PHP-8.2' into PHP-8.3
459486a 
* PHP-8.2:
  ext/ldap: Fix GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch())
Girgias added a commit that referenced this issue Sep 25, 2024
@Girgias
Merge branch 'PHP-8.3' into PHP-8.4
18f61ad 
* PHP-8.3:
  ext/ldap: Fix GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch())
Girgias added a commit that referenced this issue Sep 25, 2024
@Girgias
Merge branch 'PHP-8.4'
255f59e 
* PHP-8.4:
  ext/ldap: Fix GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch())
jorgsowa pushed a commit to jorgsowa/php-src that referenced this issue Oct 1, 2024
@Girgias @jorgsowa
ext/ldap: Fix phpGH-16032 (Various NULL pointer dereferencements in l…
f59a389 
…dap_modify_batch())

We check that the "attrib" and "modtype" keys are present in each array.
If not we throw a ValueError, in line with what other validation failure cases do.

Closes phpGH-16057
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Girgias Girgias

Labels
Bug Extension: ldap Status: Verified
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Girgias