From: Stanislav Malyshev <stas@php.net>
Date: Mon, 14 Apr 2014 03:43:46 +0000 (-0700)
Subject: Fix null byte in LDAP bindings
X-Git-Tag: php-5.6.0beta2~1^2~67^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=59900dd37f836cab2a96e449eace2fa97996aa85;p=php

Fix null byte in LDAP bindings
---

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index f5583cd8c0..50055a25a7 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -405,6 +405,16 @@ PHP_FUNCTION(ldap_bind)
 		RETURN_FALSE;
 	}
 
+	if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+		RETURN_FALSE;
+	}
+
+	if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+		RETURN_FALSE;
+	}
+
 	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
 
 	if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {