Skip to content

Commit b98d553

Browse files
ndosschendossche
committed
Merge branch 'PHP-8.4' into PHP-8.5
* PHP-8.4: ldap: Fix memory leak in ldap_set_options()
2 parents c24d51e + 5da5fa5 commit b98d553

File tree

3 files changed

+45
-3
lines changed

3 files changed

+45
-3
lines changed

NEWS

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,10 @@ PHP NEWS
1010
. Fixed bug GH-20631 (Integer underflow in exif HEIF parsing
1111
when pos.size < 2). (Oblivionsage)
1212

13+
- LDAP:
14+
. Fix memory leak in ldap_set_options(). (ndossche)
15+
16+
1317
18 Dec 2025, PHP 8.5.1
1418

1519
- Core:

ext/ldap/ldap.c

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -684,14 +684,15 @@ static int php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, const HashT
684684
goto failure;
685685
}
686686

687+
zend_string *context_str = NULL;
687688
if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "context", sizeof("context") - 1)) != NULL) {
688-
tmpstring = zval_get_string(tmp);
689+
context_str = zval_get_string(tmp);
689690
if (EG(exception)) {
690691
rc = -1;
691692
goto failure;
692693
}
693-
context.bv_val = ZSTR_VAL(tmpstring);
694-
context.bv_len = ZSTR_LEN(tmpstring);
694+
context.bv_val = ZSTR_VAL(context_str);
695+
context.bv_len = ZSTR_LEN(context_str);
695696
vlvInfo.ldvlv_context = &context;
696697
} else {
697698
vlvInfo.ldvlv_context = NULL;
@@ -703,6 +704,9 @@ static int php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, const HashT
703704
if (rc != LDAP_SUCCESS) {
704705
php_error_docref(NULL, E_WARNING, "Failed to create VLV control value: %s (%d)", ldap_err2string(rc), rc);
705706
}
707+
if (context_str) {
708+
zend_string_release_ex(context_str, false);
709+
}
706710
} else {
707711
zend_type_error("%s(): Control OID %s cannot be of type array", get_active_function_name(), ZSTR_VAL(control_oid));
708712
rc = -1;

ext/ldap/tests/ldap_set_option_leak_attrvalue_context.phpt

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
--TEST--
2+
ldap_set_option() - Leaks attrvalue and context
3+
--EXTENSIONS--
4+
ldap
5+
--FILE--
6+
<?php
7+
require "connect.inc";
8+
9+
$link = ldap_connect($uri);
10+
11+
$attrvalue = str_repeat("attrvalue", random_int(1, 1));
12+
$context = str_repeat("context", random_int(1, 1));
13+
14+
$controls = [
15+
["oid" => "2.16.840.1.113730.3.4.9", "value" => ["attrvalue" => $attrvalue, "context" => $context, "before" => 0, "after" => 0]],
16+
];
17+
18+
ldap_set_option($link, LDAP_OPT_CLIENT_CONTROLS, $controls);
19+
ldap_get_option($link, LDAP_OPT_CLIENT_CONTROLS, $controls_out);
20+
21+
var_dump($controls_out);
22+
?>
23+
--EXPECTF--
24+
array(1) {
25+
["2.16.840.1.113730.3.4.9"]=>
26+
array(3) {
27+
["oid"]=>
28+
string(23) "2.16.840.1.113730.3.4.9"
29+
["iscritical"]=>
30+
bool(false)
31+
["value"]=>
32+
string(28) "0%0%0 attrvaluecontext"
33+
}
34+
}

0 commit comments

Comments
 (0)