
Fix #67792: HTTP Authorization schemes are treated as case-sensitive

We use `zend_binary_strncasecmp()` to avoid any locale issues, and
refactor.  We also add a test case for Digest authentication.

Closes GH-6900.
This commit is contained in:
Christoph M. Becker
2021-04-23 15:28:11 +02:00
parent 054fad6d63
commit 39ddf6b89c
3 changed files with 43 additions and 3 deletions

NEWS

@@ -7,6 +7,8 @@ PHP NEWS
call_user_func_array). (twosee)
. Fixed bug #80960 (opendir() warning wrong info when failed on Windows).
(cmb)
. Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive).
(cmb)
- pgsql:
. Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast(). (cmb)


@@ -2712,12 +2712,13 @@ PHPAPI void php_handle_aborted_connection(void)
PHPAPI int php_handle_auth_data(const char *auth)
{
int ret = -1;
size_t auth_len = auth != NULL ? strlen(auth) : 0;
if (auth && auth[0] != '\0' && strncmp(auth, "Basic ", 6) == 0) {
if (auth && auth_len > 0 && zend_binary_strncasecmp(auth, auth_len, "Basic ", sizeof("Basic ")-1, sizeof("Basic ")-1) == 0) {
char *pass;
zend_string *user;
user = php_base64_decode((const unsigned char*)auth + 6, strlen(auth) - 6);
user = php_base64_decode((const unsigned char*)auth + 6, auth_len - 6);
if (user) {
pass = strchr(ZSTR_VAL(user), ':');
if (pass) {
@@ -2736,7 +2737,7 @@ PHPAPI int php_handle_auth_data(const char *auth)
SG(request_info).auth_digest = NULL;
}
if (ret == -1 && auth && auth[0] != '\0' && strncmp(auth, "Digest ", 7) == 0) {
if (ret == -1 && auth && auth_len > 0 && zend_binary_strncasecmp(auth, auth_len, "Digest ", sizeof("Digest ")-1, sizeof("Digest ")-1) == 0) {
SG(request_info).auth_digest = estrdup(auth + 7);
ret = 0;
}
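Review bot: The new Basic comparison spells the prefix length as `sizeof("Basic ")-1`, but the decode line right after it still skips a hard-coded `6` (`auth + 6`, `auth_len - 6`), and the Digest branch likewise pairs `sizeof("Digest ")-1` with a literal `7` in `estrdup(auth + 7)`, so the two lengths can silently drift apart if a scheme string is ever edited. Hoist each length once, e.g. `const size_t basic_len = sizeof("Basic ") - 1;` above the Basic `if`, then `auth + basic_len, auth_len - basic_len` on the decode line, and a matching `digest_len` for the `estrdup`. The `auth_len > 0` guards look redundant as far as I can tell, since zend_binary_strncasecmp() compares only up to the shorter length and returns non-zero when the header is shorter than the prefix, so an empty header already fails the scheme match; they are harmless, though. The match still requires exactly one SP after the scheme, whereas RFC 7235 allows one or more, which neither the old nor the new code handles. php_handle_auth_data() continues past the end of this hunk.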


@@ -0,0 +1,37 @@
--TEST--
Digest Authentication
--SKIPIF--
<?php
include "skipif.inc";
?>
--FILE--
<?php
include "php_cli_server.inc";
php_cli_server_start('var_dump(!isset($_SERVER["PHP_AUTH_USER"]), !isset($_SERVER["PHP_AUTH_PW"]), $_SERVER["PHP_AUTH_DIGEST"]);');
$host = PHP_CLI_SERVER_HOSTNAME;
$fp = php_cli_server_connect();
if(fwrite($fp, <<<HEADER
GET / HTTP/1.1
Host: {$host}
Authorization: digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"
HEADER
)) {
fpassthru($fp);
}
?>
--EXPECTF--
HTTP/1.1 200 OK
Host: %s
Date: %s
Connection: close
X-Powered-By: PHP/%s
Content-type: text/html; charset=UTF-8
bool(true)
bool(true)
string(242) "username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41""
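Review bot: The new test only exercises the Digest branch with an all-lowercase scheme; the Basic branch's case-insensitive match, the other half of bug #67792, has no coverage here unless an existing php_cli_server test already sends a non-canonical `Basic` scheme. A sibling test sending `Authorization: BASIC dXNlcjpwYXNz` and expecting `PHP_AUTH_USER` / `PHP_AUTH_PW` to be set to `user` / `pass` would pin that path too. Separately, the hunk header counts 37 lines but 31 are visible, so the rendering appears to have dropped blank lines; please confirm the heredoc in the actual file keeps the empty line that terminates the request headers, since without it the request is not complete.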