|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63527 DCOM does not work with Username, Password parameter
Submitted: 2012-11-15 13:06 UTC Modified: 2020-07-10 13:51 UTC
Avg. Score:4.8 ± 0.4
Reproduced:5 of 5 (100.0%)
Same Version:1 (20.0%)
Same OS:4 (80.0%)
From: friedrich dot grosse at gmail dot com Assigned: cmb (profile)
Status: Closed Package: COM related
PHP Version: 5.4.8 OS: Windows Server 2008 R2
Private report: No CVE-ID: None
 [2012-11-15 13:06 UTC] friedrich dot grosse at gmail dot com
I try to instantiate a DCOM object on a remote machine (Windows Server 2008 R2) 
in another 
domain using the Username and Password parameters of the COM class constructor 
I did also figure out that there is a Domain parameter which is not mentioned in 
the manual at 

However I can not authenticate at the remote machine.
The event log there indicates that only the first character of the Logon 
Accounts Username has 
been transmitted to the DCOM Server.
The Domain parameter has been received completely.

I am not familiar with PHP internals but I did a quick look in the source code 
and would guess 
that the issue can be traced back to [2].

The user_name and user_name_len are already parsed some lines above.
Why is php_com_string_to_olestring called with a -1 as second parameter which 
leads to 
determining the length of the username again?

Maybe giving user_name_len instead of -1 could fix this issue?


Test script:
try {
  $DCOMserverInfo = array(
      'Server' => "",
      'Username' => "Admin",
      'Domain' => "",
      'Password' => "password"
  /** You may change the COM module name to word.application or whatever COM enabled app is installed on the target machine. **/
  $comObj = new COM("word.application", $DCOMserverInfo);
  echo "Everything works fine";
catch (Exception $exception) {
  echo exception->getMessage();

Expected result:
Everything works fine

Actual result:
Failed to create COM object `word.application': Access is denied.


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-11-15 13:17 UTC] friedrich dot grosse at gmail dot com
Here are some information copied from the security event log of the target 
machine. Note that the username is just 'A' and not the wanted 'Admin':

	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		A
	Account Domain:
 [2015-06-05 18:52 UTC] bradley at scrapcode dot com
I can verify Friedrich's suggested fix is correct.
(Changing -1 to user_name_len on line 131)
 [2020-07-10 13:49 UTC]
The following pull request has been associated:

Patch Name: Fix #63527: DCOM does not work with Username, Password parameter
On GitHub:
 [2020-07-10 13:51 UTC]
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2020-07-20 12:46 UTC]
Automatic comment on behalf of
Log: Fix #63527: DCOM does not work with Username, Password parameter
 [2020-07-20 12:46 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue May 21 01:01:31 2024 UTC