php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63126 DISABLE_AUTHENTICATOR ignores array
Submitted: 2012-09-21 06:33 UTC Modified: 2012-11-24 16:22 UTC
From: remi@php.net Assigned: remi (profile)
Status: Closed Package: IMAP related
PHP Version: 5.4.7 OS: GNU/Linux (Fedora 18)
Private report: No CVE-ID: None
 [2012-09-21 06:33 UTC] remi@php.net
Description:
------------
According to source code, DISABLE_AUTHENTICATOR could be a string or an array.

Works as expected:
imap_open($srv,$user,$pass,OP_HALF_OPEN,1,
   array('DISABLE_AUTHENTICATOR'=>'GSSAPI');

Doesn't works:
imap_open($srv,$user,$pass,OP_HALF_OPEN,1,
   array('DISABLE_AUTHENTICATOR'=>array('GSSAPI','NTLM'));


The trivial attached patch should fix this (but cannot test it)



Patches

imap.patch (last revision 2012-09-21 06:33 UTC by remi)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-09-21 06:42 UTC] remi@php.net
This also affects php 5.3
 [2012-09-21 07:38 UTC] remi@php.net
I can find a exchange server an test the fix.

Test script:
$inbox = imap_open($server,$userlogin,$password,OP_HALFOPEN,1,array('DISABLE_AUTHENTICATOR' => array('GSSAPI','NTLM')));
var_dump(imap_errors());

Without the patch:
array(2) {
  [0]=>
  string(148) "Kerberos error: Credentials cache file '/run/user/1000/krb5cc_ea1f24ead9d3199b715d4d57505d4335/t (try running kinit) for exchange2007.xxxx"
  [1]=>
  string(55) "SECURITY PROBLEM: insecure server advertised AUTH=PLAIN"
}

With the patch:
array(1) {
  [0]=>
  string(55) "SECURITY PROBLEM: insecure server advertised AUTH=PLAIN"
}
 [2012-09-21 07:55 UTC] remi@php.net
I try to send my first pull request, I hope this is ok
https://github.com/php/php-src/pull/200
 [2012-11-24 13:39 UTC] remi@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: remi
 [2012-11-24 13:59 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2012-11-24 13:59 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2012-11-24 14:02 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2012-11-24 14:03 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2012-11-24 14:04 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2012-11-24 16:22 UTC] laruence@php.net
@remi, please also commit your test script. thanks
 [2012-12-19 17:55 UTC] derick@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2014-10-07 23:21 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2014-10-07 23:32 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 15:01:30 2024 UTC