Closed
Symfony Ldap version(s) affected: master
Description
File https://github.com/symfony/ldap/blob/master/Adapter/ExtLdap/Connection.php
Three class member constants are defined in hexadecimal numerals contained in single quote strings.
    private const LDAP_INVALID_CREDENTIALS = '0x31';
    private const LDAP_TIMEOUT = '0x55';
    private const LDAP_ALREADY_EXISTS = '0x44';
Method bind() compares the above within a switch statement, but this is incorrectly comparing hexadecimal in strings to a decimal returned by the ldap_errno() function:
    if (false === @ldap_bind($this->connection, $dn, $password)) {
        $error = ldap_error($this->connection);
        switch (ldap_errno($this->connection)) {
            case self::LDAP_INVALID_CREDENTIALS:
                throw new InvalidCredentialsException($error);
            case self::LDAP_TIMEOUT:
                throw new ConnectionTimeoutException($error);
            case self::LDAP_ALREADY_EXISTS:
                throw new AlreadyExistsException($error);
        }
        throw new ConnectionException($error);
    }
How to reproduce
Provide an invalid password to force an InvalidCredentialsException, but instead ConnectionException is thrown.
Possible Solution
Define the constants without single quotes, as hexadecimal integers. Otherwise use a function like hexdec() or related in bind() function when comparing the values.
Additional context
None
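
The mismatch reported above can be reproduced without an LDAP server. The following PHP script is an added example, not code from the issue or from Symfony: the class and function names are hypothetical, and the errno values are constructed stand-ins for what ldap_errno() returns. It runs the same switch once with the quoted constants and once with integer constants; since PHP 7.0 hexadecimal strings are not treated as numeric, so the quoted constants never equal the integer error code.

```php
<?php
// Added illustration; StringCodes, IntCodes and both classify functions
// are hypothetical names, not part of symfony/ldap.

final class StringCodes
{
    // Same values as in the issue: hexadecimal numerals inside strings.
    public const INVALID_CREDENTIALS = '0x31';
    public const TIMEOUT = '0x55';
    public const ALREADY_EXISTS = '0x44';
}

final class IntCodes
{
    // Proposed form from the issue: hexadecimal integer literals.
    public const INVALID_CREDENTIALS = 0x31;
    public const TIMEOUT = 0x55;
    public const ALREADY_EXISTS = 0x44;
}

// Returns the name of the exception the switch would select.
function classifyWithStrings(int $errno): string
{
    switch ($errno) { // loose comparison: int against '0x..' string
        case StringCodes::INVALID_CREDENTIALS: return 'InvalidCredentialsException';
        case StringCodes::TIMEOUT:             return 'ConnectionTimeoutException';
        case StringCodes::ALREADY_EXISTS:      return 'AlreadyExistsException';
    }
    return 'ConnectionException';
}

function classifyWithInts(int $errno): string
{
    switch ($errno) { // int against int
        case IntCodes::INVALID_CREDENTIALS: return 'InvalidCredentialsException';
        case IntCodes::TIMEOUT:             return 'ConnectionTimeoutException';
        case IntCodes::ALREADY_EXISTS:      return 'AlreadyExistsException';
    }
    return 'ConnectionException';
}

// Constructed sample error codes: 49 = 0x31, 85 = 0x55, 68 = 0x44, 1 = other.
foreach ([49, 85, 68, 1] as $errno) {
    printf(
        "errno %2d: quoted constants -> %-27s integer constants -> %s\n",
        $errno,
        classifyWithStrings($errno),
        classifyWithInts($errno)
    );
}
```

Callers that catch InvalidCredentialsException to record failed logins separately from connectivity faults lose that distinction while every bind failure falls through to ConnectionException.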