From: mikael dot suvi at trigger dot ee
Operating system: Suse 8.2
PHP version: 4.3.3
PHP Bug Type: Reproducible crash
Bug description: ldap_explode_dn crashes

ldap_explode_dn crashes Apache if an incorrect parameter is given to the
function. With this fix applied to ldap.c, it did not crash anymore:

*** ext/ldap/ldap.c.old 2003-09-13 17:52:40.000000000 +0300
--- ext/ldap/ldap.c 2003-09-13 17:33:09.000000000 +0300
*** 1210,1215 ****
--- 1210,1219 ----

ldap_value = ldap_explode_dn(Z_STRVAL_PP(dn),

+ if (ldap_value == NULL) {
+ }
while(ldap_value[i] != NULL) i++;
count = i;
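
Review bot: The added `if (ldap_value == NULL) {` block has an empty body as shown, so control still falls through to `while(ldap_value[i] != NULL) i++;` and dereferences the NULL pointer; the backtrace puts the crash at ldap.c:1214, which is inside this hunk. The hunk header grows the range from 1210,1215 to 1210,1219 (four lines), but only two `+` lines are visible, so the body of the check was probably lost when the patch was pasted inline; resending it as an attachment would avoid that. The body needs to leave the function before the loop, for example with RETURN_FALSE, so that the `$ret === false` test in the reproduce script succeeds, and a warning that the DN could not be parsed would help callers see why.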

Reproduce code:
$ret = ldap_explode_dn("6", 0);

if ($ret === false) {
    print "no good";
}

Expected result:
text "no good" to be displayed

Actual result:
apache crashes with

[Sat Sep 13 17:12:37 2003] [notice] child pid 28620 exit signal
Segmentation fault (11)

#0 0x405072ee in zif_ldap_explode_dn (ht=2, return_value=0x840fc2c,
this_ptr=0x0, return_value_used=1) at /root/php-4.3.3/ext/ldap/ldap.c:1214

#1 0x40655fae in execute (op_array=0x8393450) at
#2 0x406561e1 in execute (op_array=0x81e9bb8) at
#3 0x406561e1 in execute (op_array=0x83aaef4) at
#4 0x406581a8 in execute (op_array=0x8173bd4) at
#5 0x40644990 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /root/php-4.3.3/Zend/zend.c:885
#6 0x4060ea77 in php_execute_script (primary_file=0xbfffecb0) at
#7 0x4065b0b0 in apache_php_module_main (r=0x8090f00,
display_source_mode=0) at /root/php-4.3.3/sapi/apache/sapi_apache.c:54
#8 0x4065c065 in send_php (r=0x8090f00, display_source_mode=0,
filename=0x8092d90 "/home/www/arcoportal/phpbb2/profile.php") at
#9 0x4065c0de in send_pd_php (r=0x8090f00) at
#10 0x08055137 in ap_invoke_handler (r=0x8090f00) at http_config.c:518
#11 0x08069eff in process_request_internal (r=0x8090f00) at
#12 0x0806a161 in ap_process_request (r=0x8090f00) at http_request.c:1324

#13 0x08061bbf in child_main (child_num_arg=0) at http_main.c:4689
#14 0x08061da3 in make_child (s=0x0, slot=2, now=0) at http_main.c:4868
#15 0x08062166 in perform_idle_server_maintenance () at http_main.c:5050
#16 0x0806286d in standalone_main (argc=5, argv=0xbffff1f4) at
#17 0x08063076 in main (argc=5, argv=0xbffff1f4) at http_main.c:5566
#18 0x401af8ae in __libc_start_main () from /lib/
