Skip to content

ext/ldap: fix leak on port overflow check. #18645

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: PHP-8.3
Choose a base branch
from
Open

ext/ldap: fix leak on port overflow check. #18645

wants to merge 1 commit into from
+32 −3

Conversation

devnexen
Copy link
Member

No description provided.

nielsdos
nielsdos requested changes May 24, 2025
View reviewed changes
ext/ldap/ldap.c Outdated
@@ -994,6 +994,7 @@ PHP_FUNCTION(ldap_connect)
size_t urllen = hostlen + sizeof( "ldap://:65535" );

if (port <= 0 || port > 65535) {
zval_ptr_dtor(return_value);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't "clear out" the return value, so you'll get a double free later I think.
Instead, the proper fix is probably moving the object_init_ex and assignment to ld further down (and then getting rid of the existing zval_ptr_dtor(return_value); under #ifdef LDAP_OPT_X_TLS_NEWCTX

@nielsdos
Copy link
Member

Can you try to minimize the diff by not re-indenting?

@devnexen devnexen force-pushed the ldap_check_leaks branch 2 times, most recently from 657f79b to 890c2f0 Compare May 24, 2025 21:44
@nielsdos
Copy link
Member

Don't forget to remove that now-redundant zval_ptr_dtor(return_value); at now-line 1009

@devnexen devnexen force-pushed the ldap_check_leaks branch from 890c2f0 to df91d36 Compare May 24, 2025 22:11
nielsdos
nielsdos approved these changes May 25, 2025
View reviewed changes
Copy link
Member

@nielsdos nielsdos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code is right. Maybe a test would be nice.
I just noticed there's another leak btw: on line 999 url is emalloc'd, but not all error paths free this

@nielsdos
Copy link
Member

Test failure is legit

@devnexen devnexen force-pushed the ldap_check_leaks branch from 3a5e835 to fb59f66 Compare May 25, 2025 09:36
@devnexen devnexen marked this pull request as draft May 25, 2025 09:37
@devnexen devnexen force-pushed the ldap_check_leaks branch 5 times, most recently from 05eb972 to e977f2b Compare May 25, 2025 10:27
@devnexen devnexen force-pushed the ldap_check_leaks branch from e977f2b to 32a7f59 Compare May 25, 2025 10:48
@devnexen devnexen marked this pull request as ready for review May 25, 2025 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nielsdos nielsdos nielsdos approved these changes

Assignees
No one assigned
Labels
Extension: ldap
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@devnexen @nielsdos