ldap connection timeouts not enforced
| Bug #69574 | ldap connection timeouts not enforced | ||||
|---|---|---|---|---|---|
| Submitted: | 2015-05-05 13:54 UTC | Modified: | 2022-08-11 19:40 UTC | ||
| From: | ryan dot brothers at gmail dot com | Assigned: | mcmic (profile) | ||
| Status: | Closed | Package: | LDAP related | ||
| PHP Version: | 5.6.8 | OS: | Linux | ||
| Private report: | No | CVE-ID: | None | ||
[2015-05-05 13:54 UTC] ryan dot brothers at gmail dot com
Description:
------------
I am trying to simulate a LDAP server timing out. I'm setting the options LDAP_OPT_NETWORK_TIMEOUT and LDAP_OPT_TIMELIMIT, but the script runs indefinitely without timing out.
In one ssh session, I am running the following command to simulate a socket listener:
nc -l 1234
If I run the below script in a second ssh session, it runs forever and never times out.
Is there a way to have this script timeout after a certain number of seconds?
Test script:
---------------
<?php
$ldap = ldap_connect('127.0.0.1:1234');
ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 3);
ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 3);
ldap_bind($ldap);
Expected result:
----------------
Script times out in 3 seconds.
Actual result:
--------------
Script never times out.
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2015-09-09 13:47 UTC] mcmic@php.net
I can’t reproduce this, I tried your script, I got «PHP Warning: ldap_connect(): Could not create session handle: Bad parameter to an ldap routine in /tmp/test.php on line 3» So I replaced the call to ldap_connect by «$ldap = ldap_connect('127.0.0.1:1234');» I launched «nc -l 1234» in a shell, in an other one the PHP script, I only got «PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /tmp/test.php on line 8» immediatly, not even after 3 seconds. Not sure how to test this otherwise…[2015-09-09 13:48 UTC] mcmic@php.net
I meant I replaced it by «$ldap = ldap_connect('localhost', 1234);», sorry.[2015-09-09 13:51 UTC] mcmic@php.net
[2015-09-09 13:51 UTC] mcmic@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: mcmic
[2015-09-09 15:24 UTC] mcmic@php.net
[2015-09-10 10:00 UTC] mcmic@php.net
-Status: Assigned +Status: Closed
[2015-09-10 10:00 UTC] mcmic@php.net
[2022-08-11 18:10 UTC] tanjh58 at hotmail dot com
This doesn't work for ldaps protocol. Here is my code: <?php $ldap = ldap_connect('ldaps://127.0.0.1:636'); ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 3); ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 3); ldap_set_option($ldap, LDAP_OPT_TIMEOUT, 3); ldap_bind($ldap); ?> This never timeout.[2022-08-11 18:38 UTC] requinix@php.net
-Summary: ldap timeouts not enforced +Summary: ldap connection timeouts not enforced
[2022-08-11 18:38 UTC] requinix@php.net
Connection timeouts must be set before connecting. Set LDAP_OPT_NETWORK_TIMEOUT globally before calling ldap_connect() by passing null in place of a connection. ldap_set_option(null, LDAP_OPT_NETWORK_TIMEOUT, 3); ldap_connect('127.0.0.1:1234'); Meanwhile ldap_bind() is something else.[2022-08-11 19:40 UTC] heiglandreas@php.net
[2022-08-12 03:04 UTC] tanjh58 at hotmail dot com
For ldap protocol, I did the similar code: <?php $ldap = ldap_connect('ldap://127.0.0.1:389'); ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 3); ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 3); ldap_set_option($ldap, LDAP_OPT_TIMEOUT, 3); ldap_bind($ldap); ?> This times out in 3 seconds. How could you set timeout before ldap_connect, if $ldap is not set by ldap_connect call?