php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #60576 PHP cURL crash connecting to IIS6 website with NTLM authentication
Submitted: 2011-12-20 15:24 UTC Modified: 2012-09-28 17:07 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: cf at infomantis dot de Assigned: pierrick (profile)
Status: Closed Package: cURL related
PHP Version: 5.3.8 OS: Windows Server 2003/XP/7 (32/64)
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2011-12-20 15:24 UTC] cf at infomantis dot de 
Description:
------------
If one connects to an IIS 6 website configured with "Windows Authentication"
without the correct authentication credentials and authentication type set one would expect the PHP code (see sample code) to return the HTTP status code 401 and exit normally.
This is the behaviour as seen with PHP 5.3.6. For the version 5.3.7/5.3.8 (and 
also tested with the snapshot 5.3 r321148) the PHP process crashes with an access violation (see backtrace). Only if correct authentication credentials are given and the cURL option CURLOPT_HTTPAUTH is set to CURLAUTH_NTLM (CURLAUTH_ANY or CURLAUTH_ANYSAFE will not work!) the script terminates successfully and returns the content of the then authenticated request. 
The behaviour is not limited to requests to localhost (as in the sample code) and a request to an IIS 7 website with "Windows Authentication" will show the expected result (status 401 - no access violation). 

Test script:
---------------
<?php
$curl = curl_init("http://localhost");
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
// if the authentication information are not given 
// in exactly this way the process will crash with 
// an access violation.
//curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
//curl_setopt($curl, CURLOPT_USERPWD, '<domain>/<user>:<password>');
$data = curl_exec($curl);
if(curl_errno($curl)) {
   echo 'cURL error: ' . curl_error($curl)."\n";
}
curl_close($curl);

Expected result:
----------------
* About to connect() to localhost port 80 (#0)
*   Trying 127.0.0.1... * connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
Host: localhost
Accept: */*

< HTTP/1.1 401 Unauthorized
< Content-Length: 1656
< Content-Type: text/html
< Server: Microsoft-IIS/6.0
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< Date: Tue, 20 Dec 2011 15:17:01 GMT
<
* Connection #0 to host localhost left intact
* Closing connection #0

Actual result:
--------------
hread 0 - System ID 836
Entry point   php!mainCRTStartup 
Create time   20.12.2011 15:59:09 
Time spent in user mode   0 Days 0:0:0.0 
Time spent in kernel mode   0 Days 0:0:0.62 

.NET Call Stack

Full Call Stack

Function     Arg 1     Arg 2     Arg 3   Source 
wow64!Wow64NotifyDebugger+9     6b0064f2     00000000     00000000    
wow64!Wow64KiRaiseException+172     6b006866     00000000     0140d730    
wow64!Wow64SystemServiceEx+d6     78b83c7d     00000000     00000000    
wow64cpu!ServiceNoTurbo+28     6b006a5a     00000000     7efdf000    
wow64!RunCpuSimulation+a     6b005e0d     00000000     00000000    
wow64!Wow64LdrpInitialize+2ed     77ed7a00     00000000     00c0f710    
ntdll!LdrpInitializeProcess+1558     77ed519f     00000000     00000000    
ntdll!LdrpInitialize+18f     77ef2af5     00000000     00000000    
ntdll!KiUserApcDispatcher+15     00000000     00000000     00000000    
0x77d59680     00000000     00000000     00000000    


Exception Information
PHP_CURL!CURL_INPUT_NEGOTIATE+104In php__PID__2880__Date__12_20_2011__Time_04_02_22PM__536__Second_Chance_Exception_C0000005.dmp 
the assembly instruction at 
php_curl!Curl_input_negotiate+104 in C:\home\PHP\php-5.3-nts-windows-vc9-x86-r321148\ext\php_curl.dll from The PHP Group 
has caused an access violation exception (0xC0000005) when trying to read from memory 
location 0x00000044 on thread 0

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-13 17:31 UTC] jammitch at gmail dot com 
I am able to reproduce this bug, or something incredibly similar, on IIS 7 and 7.5, using an out-of-the-box install of WordPress 5.3.8. The cURL jobs trigger every minute or so, so that's one page that crashes each minute.

And I'm not the only one:

http://stackoverflow.com/questions/8798286/php-5-3-8-wordpress-curl-intermittent-error

Unfortunately, using cURL from PHP 5.3.6 won't work, as I need the cainfo parameter in php.ini to set a root certificate, as the WordPress install is behind SSL. I may end up having to do it in code until this is fixed.
 [2012-02-10 16:10 UTC] jammitch at gmail dot com 
This appears to be fixed in PHP 5.3.10.
 [2012-02-24 10:00 UTC] cf at infomantis dot de 
I verified the issue with our test environment and PHP 3.5.10 and the test script shows the expected result. The access violation is fixed.

Thanks a lot!
 [2012-09-28 17:07 UTC] pierrick@php.net 
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

As per cf at infomantis dot de the bug is now fixed.
 [2012-09-28 17:07 UTC] pierrick@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: pierrick
 [2013-01-08 10:56 UTC] erik at daychanged dot com 
I am still experiencing this issue with 5.3.19 when doing a curl request against a remote IIS 6 website. The workaround was to replace CURLAUTH_ANY with CURLAUTH_NTLM in my SOAP calls.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu May 02 05:01:31 2024 UTC