Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:28183 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 39852 invoked by uid 1010); 28 Feb 2007 20:47:19 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 39836 invoked from network); 28 Feb 2007 20:47:19 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 28 Feb 2007 20:47:19 -0000 Authentication-Results: pb1.pair.com smtp.mail=antony@zend.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=antony@zend.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.162 as permitted sender) X-PHP-List-Original-Sender: antony@zend.com X-Host-Fingerprint: 212.25.124.162 mail.zend.com Linux 2.5 (sometimes 2.4) (4) Received: from [212.25.124.162] ([212.25.124.162:48943] helo=mail.zend.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id AC/62-34076-45AE5E54 for ; Wed, 28 Feb 2007 15:47:19 -0500 Received: (qmail 6143 invoked from network); 28 Feb 2007 20:45:27 -0000 Received: from internal.zend.office (HELO ?127.0.0.1?) (10.1.1.1) by internal.zend.office with SMTP; 28 Feb 2007 20:45:27 -0000 Message-ID: <45E5EA50.3070800@zend.com> Date: Wed, 28 Feb 2007 23:47:12 +0300 User-Agent: Thunderbird 2.0b2 (X11/20070116) MIME-Version: 1.0 To: cardoe@gentoo.org CC: internals@lists.php.net References: <40059.216.155.111.10.1172694790.squirrel@webmail.cardoe.com> In-Reply-To: <40059.216.155.111.10.1172694790.squirrel@webmail.cardoe.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] LDAP functions implemented poorly From: antony@zend.com (Antony Dovgal) Hello. Thanks for sending the patch here. On 02/28/2007 11:33 PM, Doug Goldstein wrote: > Referencing Bug #38819 & Bug #40671 > http://bugs.php.net/bug.php?id=38819 > http://bugs.php.net/bug.php?id=40671 > > Essentially I looked through the above mentioned bug, the bugs opened > with OpenLDAP developers, and then reviewed ext/ldap/ldap.c and it > appears the API calls made by PHP are not necessarily the safest ways to > write the PHP wrapper functions. Based on tony2001@php.net's comment > that the LDAP module is unmaintained I went ahead and made some > changes. > The functions char **ldap_get_values(ld, entry, attr) and struct berval > **ldap_get_values_len(ld, entry, attr) are essentially inter-changeable. > The big difference being that the berval struct provides you with a char > * and the size_t of the data. Rather then just a char * that you then > have to strlen() which will result in problems if the returned data is > not NULL terminated data. PHP's internal functions make the mistake of > assuming all data will be string data (NULL terminated char *) data, > which is the cause of the crash in bug #38819. Wait, I thought the DEPRECATED thing fixed it (I can't test it myself as I don't use LDAP). If not, then what was it all about? > The patch attached removes all of those assumptions and uses > ldap_get_values_len() and uses the length provided back by the structure > to feed add_index_stringl() instead of using add_index_string() which > will call it's own strlen() on the provided data. > > This patch also removes ldap_get_values() as a PHP function and makes it > an alias of ldap_get_values_len() since there's no difference and the > same data can be returned, it's just a safer version. Some comments regarding the patch: First of all, why do you add a new function and comment the old one instead of changing/fixing the old function? We definitely don't need dead/commented out code in the sources =) Then, it's a bit too late to change 5.1.6, when 5.2.2 is on it's way, so surely we would like to see the patches for 5.2.2 instead. You can get its sources from CVS using PHP_5_2 branch: cvs -d :pserver:anonymous@cvs.php.net/repository co -r PHP_5_2 php-src -- Wbr, Antony Dovgal