MFH(r-1.147): Fix Bug #25525 ldap_explode_dn() crashes when passed invalid params

2 files changed, 6 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index cba30eeb98..c73958454a 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ PHP 4                                                                      NEWS
 - Fixed crash bug when non-existing save/serializer handler was used. (Jani)
 - Fixed memory leak in gethostbynamel() if an error occurs. (Sara)
 - Fixed FastCGI being unable to bind to a specific IP. (Sascha)
+- Fixed bug #25525 (ldap_explode_dn() crashes when passed invalid dn).
+  (Sara, patch by: mikael dot suvi at trigger dot ee)
 - Fixed bug #25504 (pcre_match_all() crashes when passed only 2 parameters).
   (Jani)
 - Fixed bug #25494 (array_merge*() allows non-arrays as argument). (Jay)
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 62eb93eca0..eef7428a18 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -1208,7 +1208,10 @@ PHP_FUNCTION(ldap_explode_dn)
 	convert_to_string_ex(dn);
 	convert_to_long_ex(with_attrib);
 
-	ldap_value = ldap_explode_dn(Z_STRVAL_PP(dn), Z_LVAL_PP(with_attrib));
+	if (!(ldap_value = ldap_explode_dn(Z_STRVAL_PP(dn), Z_LVAL_PP(with_attrib)))) {
+		/* Invalid parameters were passed to ldap_explode_dn */
+		RETURN_FALSE;
+	}
 
 	i=0;
 	while(ldap_value[i] != NULL) i++;