From 2694eb9df04beaab1bc052a4da53d9adc6c29f0a Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Sun, 22 Jun 2025 08:00:08 +0100
Subject: [PATCH] Fixed GH-18902: ldap_exop/ldap_exop_sync assert triggered on
 empty request OID

close GH-18903
---
 NEWS                        |  4 ++++
 ext/ldap/ldap.c             |  7 ++++++-
 ext/ldap/tests/gh18902.phpt | 30 ++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 ext/ldap/tests/gh18902.phpt

diff --git a/NEWS b/NEWS
index 9881c36d4b0..25706b1efc0 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,10 @@ PHP                                                                        NEWS
   . Fix memory leaks when returning refcounted value from curl callback.
     (nielsdos)
 
+- LDAP:
+  . Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty
+    request OID. (David Carlier)
+
 - Streams:
   . Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter
     fatal error). (Jakub Zelenka)
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index fecb8846400..769e6caa277 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -4036,7 +4036,12 @@ static void php_ldap_exop(INTERNAL_FUNCTION_PARAMETERS, bool force_sync) {
 	LDAPControl **lserverctrls = NULL;
 	int rc, msgid;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "OS|S!a!zz", &link, ldap_link_ce, &reqoid, &reqdata, &serverctrls, &retdata, &retoid) != SUCCESS) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "OP|S!a!zz", &link, ldap_link_ce, &reqoid, &reqdata, &serverctrls, &retdata, &retoid) != SUCCESS) {
+		RETURN_THROWS();
+	}
+
+	if (ZSTR_LEN(reqoid) == 0) {
+		zend_argument_value_error(2, "must not be empty");
 		RETURN_THROWS();
 	}
 
diff --git a/ext/ldap/tests/gh18902.phpt b/ext/ldap/tests/gh18902.phpt
new file mode 100644
index 00000000000..329cbb59c1b
--- /dev/null
+++ b/ext/ldap/tests/gh18902.phpt
@@ -0,0 +1,30 @@
+--TEST--
+GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys)
+--EXTENSIONS--
+ldap
+--FILE--
+<?php
+$conn = ldap_connect();
+
+try {
+	ldap_exop($conn,"\0");
+} catch (\ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+
+try {
+	ldap_exop_sync($conn,"");
+} catch (\ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+
+try {
+	ldap_exop_sync($conn,"test\0");
+} catch (\ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+?>
+--EXPECTF--
+ldap_exop(): Argument #2 ($request_oid) must not contain any null bytes
+ldap_exop_sync(): Argument #2 ($request_oid) must not be empty
+ldap_exop_sync(): Argument #2 ($request_oid) must not contain any null bytes