Merge branch 'PHP-8.2' into PHP-8.3

* PHP-8.2: ext/ldap: Fix GH-16101 (Segfaults in php_ldap_do_search() when LDAPs is not a list)
2026-03-24 00:02:20 +01:00 · 2024-09-28 19:53:39 +01:00
parent 37a73a83c3 19bba83715
commit 0f2fe67b2a
3 changed files with 32 additions and 0 deletions
--- a/2
+++ b/2
@@ -18,6 +18,8 @@ PHP                                                                        NEWS
 - LDAP:
  . Fixed bug GH-16032 (Various NULL pointer dereferencements in
    ldap_modify_batch()). (Girgias)
+  . Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search()
+    when LDAPs array is not a list). (Girgias)

 - OpenSSL:
  . Fixed stub for openssl_csr_new. (Jakub Zelenka)
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -1503,6 +1503,11 @@ static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
 			ret = 0;
 			goto cleanup;
 		}
+		if (!zend_array_is_list(Z_ARRVAL_P(link))) {
+			zend_argument_value_error(1, "must be a list");
+			ret = 0;
+			goto cleanup;
+		}

 		if (base_dn_ht) {
 			nbases = zend_hash_num_elements(base_dn_ht);
--- a/ext/ldap/tests/gh16101.phpt
+++ b/ext/ldap/tests/gh16101.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Bug GH-16101: Segfault in ldap_list(), ldap_read(), and ldap_search() when LDAPs array is not a list
+--EXTENSIONS--
+ldap
+--FILE--
+<?php
+
+/* We are assuming 3333 is not connectable */
+$ldap = ldap_connect('ldap://127.0.0.1:3333');
+$valid_dn = "cn=userA,something";
+$valid_filter = "";
+
+$ldaps_dict = [
+    "hello"  => $ldap,
+    "world"  => $ldap,
+];
+try {
+    var_dump(ldap_list($ldaps_dict, $valid_dn, $valid_filter));
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+
+?>
+--EXPECT--
+ValueError: ldap_list(): Argument #1 ($ldap) must be a list