From: mikael dot suvi at trigger dot ee
Operating system: Suse 8.2
PHP version: 4.3.3
PHP Bug Type: Reproducible crash
Bug description: ldap_explode_dn crashes

Description:
------------
ldap_explode_dn crashes Apache if an incorrect parameter is given to the
function. With this fix applied to ldap.c, it did not crash anymore:

*** ext/ldap/ldap.c.old 2003-09-13 17:52:40.000000000 +0300
--- ext/ldap/ldap.c 2003-09-13 17:33:09.000000000 +0300
***************
*** 1210,1215 ****
--- 1210,1219 ----

ldap_value = ldap_explode_dn(Z_STRVAL_PP(dn),
Z_LVAL_PP(with_attrib));

+ if (ldap_value == NULL) {
+ RETURN_FALSE;
+ }
+
i=0;
while(ldap_value[i] != NULL) i++;
count = i;
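
Review bot: the new "if (ldap_value == NULL)" branch, between the ldap_explode_dn() call and the "while(ldap_value[i] != NULL) i++;" loop, returns FALSE without any diagnostic, so a caller that does not test the return value gets no hint that the DN was rejected. Consider raising a warning that the DN could not be parsed before "RETURN_FALSE;", and documenting the FALSE return for the function. The placement is right: the check sits ahead of the first dereference of ldap_value, which is the line the backtrace blames (ldap.c:1214), and because ldap_value is NULL on this path there is nothing to release before returning.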


Reproduce code:
---------------
<?
$ret = ldap_explode_dn("6", 0);

if ($ret === false) {
print "no good";
}
?>

Expected result:
----------------
text "no good" to be displayed

Actual result:
--------------
apache crashes with

[Sat Sep 13 17:12:37 2003] [notice] child pid 28620 exit signal
Segmentation fault (11)

#0 0x405072ee in zif_ldap_explode_dn (ht=2, return_value=0x840fc2c,
this_ptr=0x0, return_value_used=1) at /root/php-4.3.3/ext/ldap/ldap.c:1214

#1 0x40655fae in execute (op_array=0x8393450) at
/root/php-4.3.3/Zend/zend_execute.c:1616
#2 0x406561e1 in execute (op_array=0x81e9bb8) at
/root/php-4.3.3/Zend/zend_execute.c:1660
#3 0x406561e1 in execute (op_array=0x83aaef4) at
/root/php-4.3.3/Zend/zend_execute.c:1660
#4 0x406581a8 in execute (op_array=0x8173bd4) at
/root/php-4.3.3/Zend/zend_execute.c:2181
#5 0x40644990 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /root/php-4.3.3/Zend/zend.c:885
#6 0x4060ea77 in php_execute_script (primary_file=0xbfffecb0) at
/root/php-4.3.3/main/main.c:1723
#7 0x4065b0b0 in apache_php_module_main (r=0x8090f00,
display_source_mode=0) at /root/php-4.3.3/sapi/apache/sapi_apache.c:54
#8 0x4065c065 in send_php (r=0x8090f00, display_source_mode=0,
filename=0x8092d90 "/home/www/arcoportal/phpbb2/profile.php") at
/root/php-4.3.3/sapi/apache/mod_php4.c:620
#9 0x4065c0de in send_pd_php (r=0x8090f00) at
/root/php-4.3.3/sapi/apache/mod_php4.c:635
#10 0x08055137 in ap_invoke_handler (r=0x8090f00) at http_config.c:518
#11 0x08069eff in process_request_internal (r=0x8090f00) at
http_request.c:1308
#12 0x0806a161 in ap_process_request (r=0x8090f00) at http_request.c:1324

#13 0x08061bbf in child_main (child_num_arg=0) at http_main.c:4689
#14 0x08061da3 in make_child (s=0x0, slot=2, now=0) at http_main.c:4868
#15 0x08062166 in perform_idle_server_maintenance () at http_main.c:5050
#16 0x0806286d in standalone_main (argc=5, argv=0xbffff1f4) at
http_main.c:5287
#17 0x08063076 in main (argc=5, argv=0xbffff1f4) at http_main.c:5566
#18 0x401af8ae in __libc_start_main () from /lib/libc.so.6

--
Edit bug report at http://bugs.php.net/?id=25525&edit=1