From: Operating system: Windows Server 2003/XP/7 (32/64) PHP version: 5.3.8 Package: cURL related Bug Type: Bug Bug description:PHP cURL crash connecting to IIS6 website with NTLM authentication
Description: ------------ If one connects to an IIS 6 website configured with "Windows Authentication" without the correct authentication credentials and authentication type set one would expect the PHP code (see sample code) to return the HTTP status code 401 and exit normally. This is the behaviour as seen with PHP 5.3.6. For the version 5.3.7/5.3.8 (and also tested with the snapshot 5.3 r321148) the PHP process crashes with an access violation (see backtrace). Only if correct authentication credentials are given and the cURL option CURLOPT_HTTPAUTH is set to CURLAUTH_NTLM (CURLAUTH_ANY or CURLAUTH_ANYSAFE will not work!) the script terminates successfully and returns the content of the then authenticated request. The behaviour is not limited to requests to localhost (as in the sample code) and a request to an IIS 7 website with "Windows Authentication" will show the expected result (status 401 - no access violation). Test script: --------------- <?php $curl = curl_init("http://localhost"); curl_setopt($curl, CURLOPT_VERBOSE, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // if the authentication information are not given // in exactly this way the process will crash with // an access violation. //curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_NTLM); //curl_setopt($curl, CURLOPT_USERPWD, '<domain>/<user>:<password>'); $data = curl_exec($curl); if(curl_errno($curl)) { echo 'cURL error: ' . curl_error($curl)."\n"; } curl_close($curl); Expected result: ---------------- * About to connect() to localhost port 80 (#0) * Trying 127.0.0.1... * connected * Connected to localhost (127.0.0.1) port 80 (#0) > GET / HTTP/1.1 Host: localhost Accept: */* < HTTP/1.1 401 Unauthorized < Content-Length: 1656 < Content-Type: text/html < Server: Microsoft-IIS/6.0 < WWW-Authenticate: Negotiate < WWW-Authenticate: NTLM < Date: Tue, 20 Dec 2011 15:17:01 GMT < * Connection #0 to host localhost left intact * Closing connection #0 Actual result: -------------- hread 0 - System ID 836 Entry point php!mainCRTStartup Create time 20.12.2011 15:59:09 Time spent in user mode 0 Days 0:0:0.0 Time spent in kernel mode 0 Days 0:0:0.62 .NET Call Stack Full Call Stack Function Arg 1 Arg 2 Arg 3 Source wow64!Wow64NotifyDebugger+9 6b0064f2 00000000 00000000 wow64!Wow64KiRaiseException+172 6b006866 00000000 0140d730 wow64!Wow64SystemServiceEx+d6 78b83c7d 00000000 00000000 wow64cpu!ServiceNoTurbo+28 6b006a5a 00000000 7efdf000 wow64!RunCpuSimulation+a 6b005e0d 00000000 00000000 wow64!Wow64LdrpInitialize+2ed 77ed7a00 00000000 00c0f710 ntdll!LdrpInitializeProcess+1558 77ed519f 00000000 00000000 ntdll!LdrpInitialize+18f 77ef2af5 00000000 00000000 ntdll!KiUserApcDispatcher+15 00000000 00000000 00000000 0x77d59680 00000000 00000000 00000000 Exception Information PHP_CURL!CURL_INPUT_NEGOTIATE+104In php__PID__2880__Date__12_20_2011__Time_04_02_22PM__536__Second_Chance_Exception_C0000005.dmp the assembly instruction at php_curl!Curl_input_negotiate+104 in C:\home\PHP\php-5.3-nts-windows-vc9-x86-r321148\ext\php_curl.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000044 on thread 0 -- Edit bug report at https://bugs.php.net/bug.php?id=60576&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=60576&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=60576&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=60576&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=60576&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=60576&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=60576&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=60576&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=60576&r=needscript Try newer version: https://bugs.php.net/fix.php?id=60576&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=60576&r=support Expected behavior: https://bugs.php.net/fix.php?id=60576&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=60576&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=60576&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=60576&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=60576&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=60576&r=dst IIS Stability: https://bugs.php.net/fix.php?id=60576&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=60576&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=60576&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=60576&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=60576&r=mysqlcfg