Fix null byte in LDAP bindings

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 10daa82f3681c77046540a756c7f6dd4aeee5ec2..da5aa5f9cde32917d7b124b09df8493a4f1bb222 100644 (file)
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind)
                RETURN_FALSE;
        }
 
+       if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+               RETURN_FALSE;
+       }
+
+       if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+               RETURN_FALSE;
+       }
+
        ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
 
        if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {