[PHP-BUG] Bug #60576 [NEW]: PHP cURL crash connecting to IIS6 website with NTLM authentication

[cf at infomantis dot de]

From:             
Operating system: Windows Server 2003/XP/7 (32/64)
PHP version:      5.3.8
Package:          cURL related
Bug Type:         Bug
Bug description:PHP cURL crash connecting to IIS6 website with NTLM 
authentication

Description:
------------
If one connects to an IIS 6 website configured with "Windows
Authentication"
without the correct authentication credentials and authentication type set
one would expect the PHP code (see sample code) to return the HTTP status
code 401 and exit normally.
This is the behaviour as seen with PHP 5.3.6. For the version 5.3.7/5.3.8
(and 
also tested with the snapshot 5.3 r321148) the PHP process crashes with an
access violation (see backtrace). Only if correct authentication
credentials are given and the cURL option CURLOPT_HTTPAUTH is set to
CURLAUTH_NTLM (CURLAUTH_ANY or CURLAUTH_ANYSAFE will not work!) the script
terminates successfully and returns the content of the then authenticated
request. 
The behaviour is not limited to requests to localhost (as in the sample
code) and a request to an IIS 7 website with "Windows Authentication" will
show the expected result (status 401 - no access violation). 

Test script:
---------------
<?php
$curl = curl_init("http://localhost";);
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
// if the authentication information are not given 
// in exactly this way the process will crash with 
// an access violation.
//curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
//curl_setopt($curl, CURLOPT_USERPWD, '<domain>/<user>:<password>');
$data = curl_exec($curl);
if(curl_errno($curl)) {
   echo 'cURL error: ' . curl_error($curl)."\n";
}
curl_close($curl);

Expected result:
----------------
* About to connect() to localhost port 80 (#0)
*   Trying 127.0.0.1... * connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
Host: localhost
Accept: */*

< HTTP/1.1 401 Unauthorized
< Content-Length: 1656
< Content-Type: text/html
< Server: Microsoft-IIS/6.0
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< Date: Tue, 20 Dec 2011 15:17:01 GMT
<
* Connection #0 to host localhost left intact
* Closing connection #0

Actual result:
--------------
hread 0 - System ID 836
Entry point   php!mainCRTStartup 
Create time   20.12.2011 15:59:09 
Time spent in user mode   0 Days 0:0:0.0 
Time spent in kernel mode   0 Days 0:0:0.62 

.NET Call Stack

Full Call Stack

Function     Arg 1     Arg 2     Arg 3   Source 
wow64!Wow64NotifyDebugger+9     6b0064f2     00000000     00000000    
wow64!Wow64KiRaiseException+172     6b006866     00000000     0140d730    
wow64!Wow64SystemServiceEx+d6     78b83c7d     00000000     00000000    
wow64cpu!ServiceNoTurbo+28     6b006a5a     00000000     7efdf000    
wow64!RunCpuSimulation+a     6b005e0d     00000000     00000000    
wow64!Wow64LdrpInitialize+2ed     77ed7a00     00000000     00c0f710    
ntdll!LdrpInitializeProcess+1558     77ed519f     00000000     00000000   

ntdll!LdrpInitialize+18f     77ef2af5     00000000     00000000    
ntdll!KiUserApcDispatcher+15     00000000     00000000     00000000    
0x77d59680     00000000     00000000     00000000    


Exception Information
PHP_CURL!CURL_INPUT_NEGOTIATE+104In
php__PID__2880__Date__12_20_2011__Time_04_02_22PM__536__Second_Chance_Exception_C0000005.dmp

the assembly instruction at 
php_curl!Curl_input_negotiate+104 in
C:\home\PHP\php-5.3-nts-windows-vc9-x86-r321148\ext\php_curl.dll from The
PHP Group 
has caused an access violation exception (0xC0000005) when trying to read
from memory 
location 0x00000044 on thread 0

-- 
Edit bug report at https://bugs.php.net/bug.php?id=60576&edit=1
-- 
Try a snapshot (PHP 5.4):            
https://bugs.php.net/fix.php?id=60576&r=trysnapshot54
Try a snapshot (PHP 5.3):            
https://bugs.php.net/fix.php?id=60576&r=trysnapshot53
Try a snapshot (trunk):              
https://bugs.php.net/fix.php?id=60576&r=trysnapshottrunk
Fixed in SVN:                        
https://bugs.php.net/fix.php?id=60576&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=60576&r=needdocs
Fixed in release:                    
https://bugs.php.net/fix.php?id=60576&r=alreadyfixed
Need backtrace:                      
https://bugs.php.net/fix.php?id=60576&r=needtrace
Need Reproduce Script:               
https://bugs.php.net/fix.php?id=60576&r=needscript
Try newer version:                   
https://bugs.php.net/fix.php?id=60576&r=oldversion
Not developer issue:                 
https://bugs.php.net/fix.php?id=60576&r=support
Expected behavior:                   
https://bugs.php.net/fix.php?id=60576&r=notwrong
Not enough info:                     
https://bugs.php.net/fix.php?id=60576&r=notenoughinfo
Submitted twice:                     
https://bugs.php.net/fix.php?id=60576&r=submittedtwice
register_globals:                    
https://bugs.php.net/fix.php?id=60576&r=globals
PHP 4 support discontinued:          
https://bugs.php.net/fix.php?id=60576&r=php4
Daylight Savings:                    https://bugs.php.net/fix.php?id=60576&r=dst
IIS Stability:                       
https://bugs.php.net/fix.php?id=60576&r=isapi
Install GNU Sed:                     
https://bugs.php.net/fix.php?id=60576&r=gnused
Floating point limitations:          
https://bugs.php.net/fix.php?id=60576&r=float
No Zend Extensions:                  
https://bugs.php.net/fix.php?id=60576&r=nozend
MySQL Configuration Error:           
https://bugs.php.net/fix.php?id=60576&r=mysqlcfg