Bug #60576 [Com]: PHP cURL crash connecting to IIS6 website with NTLM authentication

[jammitch at gmail dot com]

Edit report at https://bugs.php.net/bug.php?id=60576&edit=1

 ID:                 60576
 Comment by:         jammitch at gmail dot com
 Reported by:        cf at infomantis dot de
 Summary:            PHP cURL crash connecting to IIS6 website with NTLM
                     authentication
 Status:             Open
 Type:               Bug
 Package:            cURL related
 Operating System:   Windows Server 2003/XP/7 (32/64)
 PHP Version:        5.3.8
 Block user comment: N
 Private report:     N

 New Comment:

This appears to be fixed in PHP 5.3.10.


Previous Comments:
------------------------------------------------------------------------
[2012-01-13 17:31:54] jammitch at gmail dot com

I am able to reproduce this bug, or something incredibly similar, on IIS 7 and 
7.5, using an out-of-the-box install of WordPress 5.3.8. The cURL jobs trigger 
every minute or so, so that's one page that crashes each minute.

And I'm not the only one:

http://stackoverflow.com/questions/8798286/php-5-3-8-wordpress-curl-intermittent-error

Unfortunately, using cURL from PHP 5.3.6 won't work, as I need the cainfo 
parameter in php.ini to set a root certificate, as the WordPress install is 
behind SSL. I may end up having to do it in code until this is fixed.

------------------------------------------------------------------------
[2011-12-20 15:24:05] cf at infomantis dot de

Description:
------------
If one connects to an IIS 6 website configured with "Windows Authentication"
without the correct authentication credentials and authentication type set one 
would expect the PHP code (see sample code) to return the HTTP status code 401 
and exit normally.
This is the behaviour as seen with PHP 5.3.6. For the version 5.3.7/5.3.8 (and 
also tested with the snapshot 5.3 r321148) the PHP process crashes with an 
access violation (see backtrace). Only if correct authentication credentials 
are given and the cURL option CURLOPT_HTTPAUTH is set to CURLAUTH_NTLM 
(CURLAUTH_ANY or CURLAUTH_ANYSAFE will not work!) the script terminates 
successfully and returns the content of the then authenticated request. 
The behaviour is not limited to requests to localhost (as in the sample code) 
and a request to an IIS 7 website with "Windows Authentication" will show the 
expected result (status 401 - no access violation). 

Test script:
---------------
<?php
$curl = curl_init("http://localhost";);
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
// if the authentication information are not given 
// in exactly this way the process will crash with 
// an access violation.
//curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
//curl_setopt($curl, CURLOPT_USERPWD, '<domain>/<user>:<password>');
$data = curl_exec($curl);
if(curl_errno($curl)) {
   echo 'cURL error: ' . curl_error($curl)."\n";
}
curl_close($curl);

Expected result:
----------------
* About to connect() to localhost port 80 (#0)
*   Trying 127.0.0.1... * connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
Host: localhost
Accept: */*

< HTTP/1.1 401 Unauthorized
< Content-Length: 1656
< Content-Type: text/html
< Server: Microsoft-IIS/6.0
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< Date: Tue, 20 Dec 2011 15:17:01 GMT
<
* Connection #0 to host localhost left intact
* Closing connection #0

Actual result:
--------------
hread 0 - System ID 836
Entry point   php!mainCRTStartup 
Create time   20.12.2011 15:59:09 
Time spent in user mode   0 Days 0:0:0.0 
Time spent in kernel mode   0 Days 0:0:0.62 

.NET Call Stack

Full Call Stack

Function     Arg 1     Arg 2     Arg 3   Source 
wow64!Wow64NotifyDebugger+9     6b0064f2     00000000     00000000    
wow64!Wow64KiRaiseException+172     6b006866     00000000     0140d730    
wow64!Wow64SystemServiceEx+d6     78b83c7d     00000000     00000000    
wow64cpu!ServiceNoTurbo+28     6b006a5a     00000000     7efdf000    
wow64!RunCpuSimulation+a     6b005e0d     00000000     00000000    
wow64!Wow64LdrpInitialize+2ed     77ed7a00     00000000     00c0f710    
ntdll!LdrpInitializeProcess+1558     77ed519f     00000000     00000000    
ntdll!LdrpInitialize+18f     77ef2af5     00000000     00000000    
ntdll!KiUserApcDispatcher+15     00000000     00000000     00000000    
0x77d59680     00000000     00000000     00000000    


Exception Information
PHP_CURL!CURL_INPUT_NEGOTIATE+104In 
php__PID__2880__Date__12_20_2011__Time_04_02_22PM__536__Second_Chance_Exception_C0000005.dmp
 
the assembly instruction at 
php_curl!Curl_input_negotiate+104 in 
C:\home\PHP\php-5.3-nts-windows-vc9-x86-r321148\ext\php_curl.dll from The PHP 
Group 
has caused an access violation exception (0xC0000005) when trying to read from 
memory 
location 0x00000044 on thread 0


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60576&edit=1