Merge branch 'PHP-8.2' into PHP-8.3

* PHP-8.2:
  NEWS entries for LDAP bug fixes
  ext/ldap: Fix GH-16136 (Memory leak in php_ldap_do_modify())
  ext/ldap: Fix GH-16132 (Freeing pointer not allocated by ZMM)

Author: Girgias

NEWS

@@ -23,6 +23,10 @@ PHP                                                                        NEWS
     ldap_modify_batch()). (Girgias)
   . Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search()
     when LDAPs array is not a list). (Girgias)
+  . Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated
+    by ZMM.). (Girgias)
+  . Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a
+    proper dictionary). (Girgias)
 
 - OpenSSL:
   . Fixed stub for openssl_csr_new. (Jakub Zelenka)

ext/ldap/ldap.c

@@ -2224,17 +2224,11 @@ static void php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS, int oper, int ext)
 			ldap_mods[i]->mod_type = estrndup(ZSTR_VAL(attribute), ZSTR_LEN(attribute));
 		} else {
 			php_error_docref(NULL, E_WARNING, "Unknown attribute in the data");
-			/* Free allocated memory */
-			while (i >= 0) {
-				if (ldap_mods[i]->mod_type) {
-					efree(ldap_mods[i]->mod_type);
-				}
-				efree(ldap_mods[i]);
-				i--;
-			}
-			efree(num_berval);
-			efree(ldap_mods);
-			RETURN_FALSE;
+			RETVAL_FALSE;
+			num_berval[i] = 0;
+			num_attribs = i + 1;
+			ldap_mods[i]->mod_bvalues = NULL;
+			goto cleanup;
 		}
 
 		value = zend_hash_get_current_data(Z_ARRVAL_P(entry));
@@ -2255,6 +2249,8 @@ static void php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS, int oper, int ext)
 			convert_to_string(value);
 			if (EG(exception)) {
 				RETVAL_FALSE;
+				num_berval[i] = 0;
+				num_attribs = i + 1;
 				goto cleanup;
 			}
 			ldap_mods[i]->mod_bvalues[0] = (struct berval *) emalloc (sizeof(struct berval));
@@ -2271,6 +2267,8 @@ static void php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS, int oper, int ext)
 				}
 				convert_to_string(ivalue);
 				if (EG(exception)) {
+					num_berval[i] = j;
+					num_attribs = i + 1;
 					RETVAL_FALSE;
 					goto cleanup;
 				}

ext/ldap/tests/gh16132-1.phpt

@@ -0,0 +1,28 @@
+--TEST--
+Bug GH-16132: Attempting to free pointer not allocated by ZMM
+--EXTENSIONS--
+ldap
+--FILE--
+<?php
+
+/* ldap_add(_ext)(), ldap_mod_replace(_ext)(), ldap_mod_add(_ext)(), and ldap_mod_del(_ext)() share an underlying C function */
+/* We are assuming 3333 is not connectable */
+$ldap = ldap_connect('ldap://127.0.0.1:3333');
+$valid_dn = "cn=userA,something";
+
+$dict_key_value_not_string = [
+    'attribute1' => new stdClass(),
+    'attribute2' => [
+        'value1',
+        'value2',
+    ],
+];
+try {
+    var_dump(ldap_add($ldap, $valid_dn, $dict_key_value_not_string));
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+
+?>
+--EXPECT--
+Error: Object of class stdClass could not be converted to string

ext/ldap/tests/gh16132-2.phpt

@@ -0,0 +1,28 @@
+--TEST--
+Bug GH-16132: Attempting to free pointer not allocated by ZMM
+--EXTENSIONS--
+ldap
+--FILE--
+<?php
+
+/* ldap_add(_ext)(), ldap_mod_replace(_ext)(), ldap_mod_add(_ext)(), and ldap_mod_del(_ext)() share an underlying C function */
+/* We are assuming 3333 is not connectable */
+$ldap = ldap_connect('ldap://127.0.0.1:3333');
+$valid_dn = "cn=userA,something";
+
+$dict_key_multi_value_not_list_of_strings2 = [
+    'attribute1' => 'value',
+    'attribute2' => [
+        'value1',
+        new stdClass(),
+    ],
+];
+try {
+    var_dump(ldap_add($ldap, $valid_dn, $dict_key_multi_value_not_list_of_strings2));
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+
+?>
+--EXPECT--
+Error: Object of class stdClass could not be converted to string

ext/ldap/tests/gh16136.phpt

@@ -0,0 +1,30 @@
+--TEST--
+Bug GH-16136: Memory leak in php_ldap_do_modify() when entry is not a proper dictionary
+--EXTENSIONS--
+ldap
+--FILE--
+<?php
+
+/* ldap_add(_ext)(), ldap_mod_replace(_ext)(), ldap_mod_add(_ext)(), and ldap_mod_del(_ext)() share an underlying C function */
+/* We are assuming 3333 is not connectable */
+$ldap = ldap_connect('ldap://127.0.0.1:3333');
+$valid_dn = "cn=userA,something";
+
+$not_dict_of_attributes = [
+    'attribute1' => 'value',
+    'not_key_entry',
+    'attribute3' => [
+        'value1',
+        'value2',
+    ],
+];
+try {
+    var_dump(ldap_add($ldap, $valid_dn, $not_dict_of_attributes));
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+
+?>
+--EXPECTF--
+Warning: ldap_add(): Unknown attribute in the data in %s on line %d
+bool(false)