From f48ca2f822385e4a94d21028373b73df1aefe39c Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard <girgias@php.net>
Date: Sun, 29 Sep 2024 16:07:29 +0100
Subject: [PATCH] ext/ldap: Fix references for ldap_modify_batch()

Because I don't know how references work in PHP
---
 ext/ldap/ldap.c                               |  7 ++++
 ...y_batch_modifications_with_references.phpt | 39 ++++++++++---------
 2 files changed, 28 insertions(+), 18 deletions(-)

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 35e4e4321c47..3cef9ac78f2f 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -2524,6 +2524,7 @@ PHP_FUNCTION(ldap_modify_batch)
 
 	zval *modification_zv = NULL;
 	ZEND_HASH_FOREACH_VAL(modifications, modification_zv) {
+		ZVAL_DEREF(modification_zv);
 		if (Z_TYPE_P(modification_zv) != IS_ARRAY) {
 			zend_argument_type_error(3, "must only contain arrays");
 			RETURN_THROWS();
@@ -2544,6 +2545,8 @@ PHP_FUNCTION(ldap_modify_batch)
 			zend_argument_value_error(3, "a modification entry must contain the \"" LDAP_MODIFY_BATCH_ATTRIB "\" option");
 			RETURN_THROWS();
 		}
+
+		ZVAL_DEREF(attrib);
 		if (UNEXPECTED(Z_TYPE_P(attrib) != IS_STRING)) {
 			zend_argument_type_error(3, "the value for option \"" LDAP_MODIFY_BATCH_ATTRIB "\" must be of type string, %s given", zend_zval_value_name(attrib));
 			RETURN_THROWS();
@@ -2558,6 +2561,8 @@ PHP_FUNCTION(ldap_modify_batch)
 			zend_argument_value_error(3, "a modification entry must contain the \"" LDAP_MODIFY_BATCH_MODTYPE "\" option");
 			RETURN_THROWS();
 		}
+
+		ZVAL_DEREF(modtype_zv);
 		if (UNEXPECTED(Z_TYPE_P(modtype_zv) != IS_LONG)) {
 			zend_argument_type_error(3, "the value for option \"" LDAP_MODIFY_BATCH_MODTYPE "\" must be of type int, %s given", zend_zval_value_name(attrib));
 			RETURN_THROWS();
@@ -2592,6 +2597,8 @@ PHP_FUNCTION(ldap_modify_batch)
 			}
 			continue;
 		}
+
+		ZVAL_DEREF(modification_values_zv);
 		if (Z_TYPE_P(modification_values_zv) != IS_ARRAY) {
 			zend_argument_type_error(3, "the value for option \"" LDAP_MODIFY_BATCH_VALUES "\" must be of type array, %s given", zend_zval_value_name(attrib));
 			RETURN_THROWS();
diff --git a/ext/ldap/tests/ldap_modify_batch_modifications_with_references.phpt b/ext/ldap/tests/ldap_modify_batch_modifications_with_references.phpt
index 418f7b2a1cc8..280d2687a54a 100644
--- a/ext/ldap/tests/ldap_modify_batch_modifications_with_references.phpt
+++ b/ext/ldap/tests/ldap_modify_batch_modifications_with_references.phpt
@@ -9,11 +9,20 @@ ldap
 $ldap = ldap_connect('ldap://127.0.0.1:3333');
 $valid_dn = "cn=userA,something";
 
-$attrib = "attrib1";
-$r =& $attrib;
+$empty_list = [];
+$modification_reference = [
+    &$empty_list,
+];
+try {
+    var_dump(ldap_modify_batch($ldap, $valid_dn, $modification_reference));
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+
+$attrib = "attrib\0with\0nul\0byte";
 $modification_attrib_reference_string = [
     [
-        "attrib"  => $r,
+        "attrib"  => &$attrib,
         "modtype" => LDAP_MODIFY_BATCH_ADD,
         "values"  => ["value1"],
     ],
@@ -24,12 +33,11 @@ try {
     echo $e::class, ': ', $e->getMessage(), PHP_EOL;
 }
 
-$modtype = LDAP_MODIFY_BATCH_ADD;
-$r =& $modtype;
+$modtype = -10;
 $modification_modtype_reference_int = [
     [
         "attrib"  => "attrib1",
-        "modtype" => $r,
+        "modtype" => &$modtype,
         "values"  => ["value1"],
     ],
 ];
@@ -40,13 +48,12 @@ try {
 }
 
 
-$values = ["value1"];
-$r =& $values;
+$values = [];
 $modification_values_reference_array = [
     [
         "attrib"  => "attrib1",
         "modtype" => LDAP_MODIFY_BATCH_ADD,
-        "values"  => $r,
+        "values"  => &$values,
     ],
 ];
 try {
@@ -56,12 +63,8 @@ try {
 }
 
 ?>
---EXPECTF--
-Warning: ldap_modify_batch(): Batch Modify: Can't contact LDAP server in %s on line %d
-bool(false)
-
-Warning: ldap_modify_batch(): Batch Modify: Can't contact LDAP server in %s on line %d
-bool(false)
-
-Warning: ldap_modify_batch(): Batch Modify: Can't contact LDAP server in %s on line %d
-bool(false)
+--EXPECT--
+ValueError: ldap_modify_batch(): Argument #3 ($modifications_info) a modification entry must only contain the keys "attrib", "modtype", and "values"
+ValueError: ldap_modify_batch(): Argument #3 ($modifications_info) the value for option "attrib" must not contain null bytes
+ValueError: ldap_modify_batch(): Argument #3 ($modifications_info) the value for option "modtype" must be LDAP_MODIFY_BATCH_ADD, LDAP_MODIFY_BATCH_REMOVE, LDAP_MODIFY_BATCH_REPLACE, or LDAP_MODIFY_BATCH_REMOVE_ALL
+ValueError: ldap_modify_batch(): Argument #3 ($modifications_info) the value for option "values" must not be empty