equal
deleted
inserted
replaced
1 Fix for CVE-2014-8088 |
|
2 Patch: |
|
3 http://git.php.net/?p=php-src.git;a=commitdiff_plain;h=ed4de188dd1c15d278a8250e6be3cba142bba6af |
|
4 Code: |
|
5 http://git.php.net/?p=php-src.git;a=commitdiff;h=ed4de188dd1c15d278a8250e6be3cba142bba6af |
|
6 Verified by hand that it patches the correct code. |
|
7 |
|
8 |
|
9 diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c |
|
10 index 10daa82..da5aa5f 100644 |
|
11 --- a/ext/ldap/ldap.c |
|
12 +++ b/ext/ldap/ldap.c |
|
13 @@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind) |
|
14 RETURN_FALSE; |
|
15 } |
|
16 |
|
17 + if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) { |
|
18 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte"); |
|
19 + RETURN_FALSE; |
|
20 + } |
|
21 + |
|
22 + if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) { |
|
23 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte"); |
|
24 + RETURN_FALSE; |
|
25 + } |
|
26 + |
|
27 ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link); |
|
28 |
|
29 if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) { |
|