Fix null byte in LDAP bindings

diff --git a/NEWS b/NEWS
index 66f0d05645a7ceefc93840c36a8789d928ce434b..2d98de7fa0ca4847e04559777da1b97edc5a4625 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,9 @@ PHP                                                                        NEWS
   . Fixed bug #66021 (Blank line inside empty array/object when
     JSON_PRETTY_PRINT is set). (Kevin Israel)
 
+- LDAP:
+  . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
+
 - SimpleXML:
   . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
     (Anatol)

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 9d3a710b6044a60680c60f4480b83d12b9bf1cc2..9fe48a03aa04ed57ef752b0aad632b912205545f 100644 (file)
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind)
                RETURN_FALSE;
        }
 
+       if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+               RETURN_FALSE;
+       }
+
+       if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+               RETURN_FALSE;
+       }
+
        ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
 
        if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {