1--TEST-- 2Bug #76248 (Malicious LDAP-Server Response causes Crash) 3--SKIPIF-- 4<?php 5require_once('skipif.inc'); 6if (!function_exists('pcntl_fork')) die('skip fork not available'); 7?> 8--FILE-- 9<?php 10$pid = pcntl_fork(); 11const PORT = 12345; 12if ($pid == 0) { 13 // child 14 $server = stream_socket_server("tcp://127.0.0.1:12345"); 15 $socket = stream_socket_accept($server, 3); 16 fwrite($socket, base64_decode("MAwCAQFhBwoBAAQABAAweQIBAmR0BJljbj1yb290LGRjPWV4YW1wbGUsZGM9Y29tMFcwIwQLb2JqZWN0Q2xhc3MxFAQSb3JnYW5pemF0aW9uYWxSb2xlMAwEAmNuMQYEBHJvb3QwIgQLZGVzY3JpcHRpb24xEwQRRGlyZWN0b3J5IE1hbmFnZXIwDAIBAmUHCgEABAAEADB5AgEDZHQEmWNuPXJvb3QsZGM9ZXhhbXBsZSxkYz1jb20wVzAjBAtvYmplY3RDbGFzczEUBBJvcmdhbml6YXRpb25hbFJvbGUwDAQCY24xBgQEcm9vdDAiBAtkZXNjcmlwdGlvbjETBBFEaXJlY3RvcnkgTWFuYWdlcjAMAgEDZQcKAQAEAAQA")); 17 fflush($socket); 18} else { 19 // parent 20 $ds = ldap_connect("127.0.0.1", PORT); 21 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); 22 $b = ldap_bind($ds, "cn=root,dc=example,dc=com", "secret"); 23 24 $s = ldap_search($ds, "dc=example,dc=com", "(cn=root)"); 25 $tt = ldap_get_entries($ds, $s); 26 var_dump($tt); 27} 28?> 29--EXPECT-- 30array(2) { 31 ["count"]=> 32 int(1) 33 [0]=> 34 array(2) { 35 ["count"]=> 36 int(0) 37 ["dn"]=> 38 NULL 39 } 40}
