From: Patrick Allaert <patrickallaert@php.net>
Date: Tue, 1 Sep 2009 08:42:10 +0000 (+0000)
Subject: Fixing #49424 (#48696): segfault while using ldap_search(), ldap_read(),...
X-Git-Tag: php-5.2.11RC2~6
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7c56a4d49843385c70e32f497178bcb4b017f43a;p=php

Fixing #49424 (#48696): segfault while using ldap_search(), ldap_read(),...
---

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index a59df54ca6..32db2138f6 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -687,7 +687,7 @@ static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
 	char *ldap_base_dn = NULL;
 	char *ldap_filter = NULL;
 	char **ldap_attrs = NULL; 
-	ldap_linkdata *ld;
+	ldap_linkdata *ld = NULL;
 	LDAPMessage *ldap_res;
 	int ldap_attrsonly = 0;
 	int ldap_sizelimit = -1; 
@@ -903,8 +903,10 @@ cleanup_parallel:
 	}
 
 cleanup:
-	// Restoring previous options
-	php_set_opts(ld->link, old_ldap_sizelimit, old_ldap_timelimit, old_ldap_deref, &ldap_sizelimit, &ldap_timelimit, &ldap_deref);
+	if (ld) {
+		/* Restoring previous options */	
+		php_set_opts(ld->link, old_ldap_sizelimit, old_ldap_timelimit, old_ldap_deref, &ldap_sizelimit, &ldap_timelimit, &ldap_deref);
+	}
 	if (ldap_attrs != NULL) {
 		efree(ldap_attrs);
 	}
diff --git a/ext/ldap/tests/bug48696.phpt b/ext/ldap/tests/bug48696.phpt
new file mode 100644
index 0000000000..3cef186a33
--- /dev/null
+++ b/ext/ldap/tests/bug48696.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #48696 (ldap_read() segfaults with invalid parameters)
+--FILE--
+<?php
+
+ldap_read(1,1,1);
+
+?>
+--EXPECTF--
+Warning: ldap_read(): supplied argument is not a valid ldap link resource in %s on line %d