19838509 upgrade php to version 5.3.29
18857741 problem in UTILITY/PHP
18890894 problem in UTILITY/PHP
18890895 problem in UTILITY/PHP
19003253 problem in UTILITY/PHP
19167518 problem in UTILITY/PHP
19519142 problem in UTILITY/PHP
19556437 problem in UTILITY/PHP
19707971 problem in UTILITY/PHP
19796954 problem in UTILITY/PHP
Fix for CVE-2014-8088
Patch:
http://git.php.net/?p=php-src.git;a=commitdiff_plain;h=ed4de188dd1c15d278a8250e6be3cba142bba6af
Code:
http://git.php.net/?p=php-src.git;a=commitdiff;h=ed4de188dd1c15d278a8250e6be3cba142bba6af
Verified by hand that it patches the correct code.
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 10daa82..da5aa5f 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind)
RETURN_FALSE;
}
+ if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+ RETURN_FALSE;
+ }
+
+ if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+ RETURN_FALSE;
+ }
+
ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {