Skip to content

Commit 05eb972

Browse files
committed
ext/ldap: fix leak on port overflow check.
1 parent c978111 commit 05eb972

File tree

2 files changed

+30
-3
lines changed

2 files changed

+30
-3
lines changed

ext/ldap/ldap.c

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -984,8 +984,6 @@ PHP_FUNCTION(ldap_connect)
984984
RETURN_FALSE;
985985
}
986986

987-
object_init_ex(return_value, ldap_link_ce);
988-
ld = Z_LDAP_LINK_P(return_value);
989987

990988
{
991989
int rc = LDAP_SUCCESS;
@@ -1008,13 +1006,17 @@ PHP_FUNCTION(ldap_connect)
10081006

10091007
/* ensure all pending TLS options are applied in a new context */
10101008
if (ldap_set_option(NULL, LDAP_OPT_X_TLS_NEWCTX, &val) != LDAP_OPT_SUCCESS) {
1011-
zval_ptr_dtor(return_value);
1009+
if (url != host) {
1010+
efree(url);
1011+
}
10121012
php_error_docref(NULL, E_WARNING, "Could not create new security context");
10131013
RETURN_FALSE;
10141014
}
10151015
LDAPG(tls_newctx) = false;
10161016
}
10171017
#endif
1018+
object_init_ex(return_value, ldap_link_ce);
1019+
ld = Z_LDAP_LINK_P(return_value);
10181020

10191021
#ifdef LDAP_API_FEATURE_X_OPENLDAP
10201022
/* ldap_init() is deprecated, use ldap_initialize() instead.
@@ -1027,6 +1029,9 @@ PHP_FUNCTION(ldap_connect)
10271029
ldap = ldap_init(host, port);
10281030
if (ldap == NULL) {
10291031
zval_ptr_dtor(return_value);
1032+
if (url != host) {
1033+
efree(url);
1034+
}
10301035
php_error_docref(NULL, E_WARNING, "Could not create session handle");
10311036
RETURN_FALSE;
10321037
}
Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
--TEST--
2+
ldap_connect() - Connection errors
3+
--EXTENSIONS--
4+
ldap
5+
--FILE--
6+
<?php
7+
require "connect.inc";
8+
try {
9+
ldap_connect("nope://$host", 65536);
10+
} catch (\ValueError $e) {
11+
echo $e->getMessage(), PHP_EOL;
12+
}
13+
14+
try {
15+
ldap_connect("nope://$host", 0);
16+
} catch (\ValueError $e) {
17+
echo $e->getMessage(), PHP_EOL;
18+
}
19+
?>
20+
--EXPECT--
21+
must be between 1 and 65535
22+
must be between 1 and 65535

0 commit comments

Comments
 (0)