MFH(r-1.147): Fix Bug #25525 ldap_explode_dn() crashes when passed invalid params

diff --git a/NEWS b/NEWS
index cba30eeb9813202e2bcb3e349a79fba7e65c745b..c73958454a817eb67cbc27f903b7687cc3d8f22e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ PHP 4                                                                      NEWS
 - Fixed crash bug when non-existing save/serializer handler was used. (Jani)
 - Fixed memory leak in gethostbynamel() if an error occurs. (Sara)
 - Fixed FastCGI being unable to bind to a specific IP. (Sascha)
+- Fixed bug #25525 (ldap_explode_dn() crashes when passed invalid dn).
+  (Sara, patch by: mikael dot suvi at trigger dot ee)
 - Fixed bug #25504 (pcre_match_all() crashes when passed only 2 parameters).
   (Jani)
 - Fixed bug #25494 (array_merge*() allows non-arrays as argument). (Jay)

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 62eb93eca0a9e821a574cb5466fd2b49ede9d6bd..eef7428a186a318fbc51efb5f50f9619f2b5f422 100644 (file)
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -1208,7 +1208,10 @@ PHP_FUNCTION(ldap_explode_dn)
        convert_to_string_ex(dn);
        convert_to_long_ex(with_attrib);
 
-       ldap_value = ldap_explode_dn(Z_STRVAL_PP(dn), Z_LVAL_PP(with_attrib));
+       if (!(ldap_value = ldap_explode_dn(Z_STRVAL_PP(dn), Z_LVAL_PP(with_attrib)))) {
+               /* Invalid parameters were passed to ldap_explode_dn */
+               RETURN_FALSE;
+       }
 
        i=0;
        while(ldap_value[i] != NULL) i++;