Skip to content

Commit 2235286

Browse files
nikicnikic
committed
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3: Fix some memory bugs in ldap.c
2 parents db484b6 + 23ef0a1 commit 2235286

File tree

1 file changed

+36
-8
lines changed

1 file changed

+36
-8
lines changed

ext/ldap/ldap.c

Lines changed: 36 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -282,7 +282,8 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
282282
int control_iscritical = 0, rc = LDAP_SUCCESS;
283283
char** ldap_attrs = NULL;
284284
LDAPSortKey** sort_keys = NULL;
285-
zend_string *tmpstring = NULL;
285+
zend_string *tmpstring = NULL, **tmpstrings1 = NULL, **tmpstrings2 = NULL;
286+
size_t num_tmpstrings1 = 0, num_tmpstrings2 = 0;
286287

287288
if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "oid", sizeof("oid") - 1)) == NULL) {
288289
php_error_docref(NULL, E_WARNING, "Control must have an oid key");
@@ -396,7 +397,6 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
396397
if (ber_flatten2(vrber, control_value, 0) == -1) {
397398
rc = -1;
398399
}
399-
ber_free(vrber, 1);
400400
}
401401
}
402402
}
@@ -418,6 +418,8 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
418418

419419
num_attribs = zend_hash_num_elements(Z_ARRVAL_P(tmp));
420420
ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
421+
tmpstrings1 = safe_emalloc(num_attribs, sizeof(zend_string*), 0);
422+
num_tmpstrings1 = 0;
421423

422424
for (i = 0; i<num_attribs; i++) {
423425
if ((attr = zend_hash_index_find(Z_ARRVAL_P(tmp), i)) == NULL) {
@@ -426,12 +428,13 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
426428
goto failure;
427429
}
428430

429-
tmpstring = zval_get_string(attr);
431+
tmpstrings1[num_tmpstrings1] = zval_get_string(attr);
430432
if (EG(exception)) {
431433
rc = -1;
432434
goto failure;
433435
}
434-
ldap_attrs[i] = ZSTR_VAL(tmpstring);
436+
ldap_attrs[i] = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
437+
++num_tmpstrings1;
435438
}
436439
ldap_attrs[num_attribs] = NULL;
437440

@@ -456,6 +459,10 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
456459

457460
num_keys = zend_hash_num_elements(Z_ARRVAL_P(val));
458461
sort_keys = safe_emalloc((num_keys+1), sizeof(LDAPSortKey*), 0);
462+
tmpstrings1 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
463+
tmpstrings2 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
464+
num_tmpstrings1 = 0;
465+
num_tmpstrings2 = 0;
459466

460467
for (i = 0; i<num_keys; i++) {
461468
if ((sortkey = zend_hash_index_find(Z_ARRVAL_P(val), i)) == NULL) {
@@ -470,20 +477,22 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
470477
goto failure;
471478
}
472479
sort_keys[i] = emalloc(sizeof(LDAPSortKey));
473-
tmpstring = zval_get_string(tmp);
480+
tmpstrings1[num_tmpstrings1] = zval_get_string(tmp);
474481
if (EG(exception)) {
475482
rc = -1;
476483
goto failure;
477484
}
478-
sort_keys[i]->attributeType = ZSTR_VAL(tmpstring);
485+
sort_keys[i]->attributeType = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
486+
++num_tmpstrings1;
479487

480488
if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "oid", sizeof("oid") - 1)) != NULL) {
481-
tmpstring = zval_get_string(tmp);
489+
tmpstrings2[num_tmpstrings2] = zval_get_string(tmp);
482490
if (EG(exception)) {
483491
rc = -1;
484492
goto failure;
485493
}
486-
sort_keys[i]->orderingRule = ZSTR_VAL(tmpstring);
494+
sort_keys[i]->orderingRule = ZSTR_VAL(tmpstrings2[num_tmpstrings2]);
495+
++num_tmpstrings2;
487496
} else {
488497
sort_keys[i]->orderingRule = NULL;
489498
}
@@ -590,6 +599,20 @@ static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* arra
590599
if (tmpstring != NULL) {
591600
zend_string_release(tmpstring);
592601
}
602+
if (tmpstrings1 != NULL) {
603+
int i;
604+
for (i = 0; i < num_tmpstrings1; ++i) {
605+
zend_string_release(tmpstrings1[i]);
606+
}
607+
efree(tmpstrings1);
608+
}
609+
if (tmpstrings2 != NULL) {
610+
int i;
611+
for (i = 0; i < num_tmpstrings2; ++i) {
612+
zend_string_release(tmpstrings2[i]);
613+
}
614+
efree(tmpstrings2);
615+
}
593616
if (control_value != NULL) {
594617
ber_memfree(control_value);
595618
control_value = NULL;
@@ -4292,6 +4315,11 @@ PHP_FUNCTION(ldap_exop_passwd)
42924315
lnewpw.bv_len > 0 ? &lnewpw : NULL,
42934316
requestctrls,
42944317
NULL, &msgid);
4318+
4319+
if (requestctrls != NULL) {
4320+
efree(requestctrls);
4321+
}
4322+
42954323
if (rc != LDAP_SUCCESS ) {
42964324
php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
42974325
RETURN_FALSE;

0 commit comments

Comments
 (0)