From:             mikael dot suvi at trigger dot ee
Operating system: Suse 8.2
PHP version:      4.3.3
PHP Bug Type:     Reproducible crash
Bug description:  ldap_explode_dn crashes

Description:
------------
ldap_explode_dn crashes Apache if an incorrect parameter is given to the
function. With this fix applied to ldap.c, it did not crash anymore:

*** ext/ldap/ldap.c.old 2003-09-13 17:52:40.000000000 +0300
--- ext/ldap/ldap.c     2003-09-13 17:33:09.000000000 +0300
***************
*** 1210,1215 ****
--- 1210,1219 ----

        ldap_value = ldap_explode_dn(Z_STRVAL_PP(dn),
Z_LVAL_PP(with_attrib));

+       if (ldap_value == NULL) {
+               RETURN_FALSE;
+       }
+
        i=0;
        while(ldap_value[i] != NULL) i++;
        count = i;
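
Review bot: the early RETURN_FALSE on ldap_value == NULL gives the calling script no diagnostic, so a malformed DN cannot be told apart from any other failure; consider raising an E_WARNING just before the return. The check itself sits in the right place, ahead of the while(ldap_value[i] != NULL) loop that dereferences the pointer. Separately, the first context line has been wrapped by the mailer (Z_LVAL_PP(with_attrib)); is on its own line), so the patch is unlikely to apply as sent; resend it unwrapped or as an attachment.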


Reproduce code:
---------------
<?php
$ret = ldap_explode_dn("6", 0);

if ($ret === false) {
    print "no good";
}
?>

Expected result:
----------------
text "no good" to be displayed

Actual result:
--------------
apache crashes with

[Sat Sep 13 17:12:37 2003] [notice] child pid 28620 exit signal
Segmentation fault (11)

#0 0x405072ee in zif_ldap_explode_dn (ht=2, return_value=0x840fc2c,
this_ptr=0x0, return_value_used=1) at /root/php-4.3.3/ext/ldap/ldap.c:1214

#1 0x40655fae in execute (op_array=0x8393450) at
/root/php-4.3.3/Zend/zend_execute.c:1616 
#2 0x406561e1 in execute (op_array=0x81e9bb8) at
/root/php-4.3.3/Zend/zend_execute.c:1660 
#3 0x406561e1 in execute (op_array=0x83aaef4) at
/root/php-4.3.3/Zend/zend_execute.c:1660 
#4 0x406581a8 in execute (op_array=0x8173bd4) at
/root/php-4.3.3/Zend/zend_execute.c:2181 
#5 0x40644990 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /root/php-4.3.3/Zend/zend.c:885 
#6 0x4060ea77 in php_execute_script (primary_file=0xbfffecb0) at
/root/php-4.3.3/main/main.c:1723 
#7 0x4065b0b0 in apache_php_module_main (r=0x8090f00,
display_source_mode=0) at /root/php-4.3.3/sapi/apache/sapi_apache.c:54 
#8 0x4065c065 in send_php (r=0x8090f00, display_source_mode=0,
filename=0x8092d90 "/home/www/arcoportal/phpbb2/profile.php") at
/root/php-4.3.3/sapi/apache/mod_php4.c:620 
#9 0x4065c0de in send_parsed_php (r=0x8090f00) at
/root/php-4.3.3/sapi/apache/mod_php4.c:635 
#10 0x08055137 in ap_invoke_handler (r=0x8090f00) at http_config.c:518 
#11 0x08069eff in process_request_internal (r=0x8090f00) at
http_request.c:1308 
#12 0x0806a161 in ap_process_request (r=0x8090f00) at http_request.c:1324

#13 0x08061bbf in child_main (child_num_arg=0) at http_main.c:4689 
#14 0x08061da3 in make_child (s=0x0, slot=2, now=0) at http_main.c:4868 
#15 0x08062166 in perform_idle_server_maintenance () at http_main.c:5050 
#16 0x0806286d in standalone_main (argc=5, argv=0xbffff1f4) at
http_main.c:5287 
#17 0x08063076 in main (argc=5, argv=0xbffff1f4) at http_main.c:5566 
#18 0x401af8ae in __libc_start_main () from /lib/libc.so.6

-- 
Edit bug report at http://bugs.php.net/?id=25525&edit=1