diff --git a/main/main.c b/main/main.c
index 3450b4197f3d9..b17bbd7fe7b0a 100644
--- a/main/main.c
+++ b/main/main.c
@@ -2712,12 +2712,13 @@ PHPAPI void php_handle_aborted_connection(void)
 PHPAPI int php_handle_auth_data(const char *auth)
 {
 int ret = -1;
+ size_t auth_len = auth != NULL ? strlen(auth) : 0;
- if (auth && auth[0] != '\0' && strncmp(auth, "Basic ", 6) == 0) {
+ if (auth && auth_len > 0 && zend_binary_strncasecmp(auth, auth_len, "Basic ", sizeof("Basic ")-1, sizeof("Basic ")-1) == 0) {
 char *pass;
 zend_string *user;
- user = php_base64_decode((const unsigned char*)auth + 6, strlen(auth) - 6);
+ user = php_base64_decode((const unsigned char*)auth + 6, auth_len - 6);
 if (user) {
 pass = strchr(ZSTR_VAL(user), ':');
 if (pass) {
@@ -2736,7 +2737,7 @@ PHPAPI int php_handle_auth_data(const char *auth)
 SG(request_info).auth_digest = NULL;
 }
- if (ret == -1 && auth && auth[0] != '\0' && strncmp(auth, "Digest ", 7) == 0) {
+ if (ret == -1 && auth && auth_len > 0 && zend_binary_strncasecmp(auth, auth_len, "Digest ", sizeof("Digest ")-1, sizeof("Digest ")-1) == 0) {
 SG(request_info).auth_digest = estrdup(auth + 7);
 ret = 0;
 }
diff --git a/sapi/cli/tests/php_cli_server_021.phpt b/sapi/cli/tests/php_cli_server_021.phpt
new file mode 100644
index 0000000000000..66ad4b225c919
--- /dev/null
+++ b/sapi/cli/tests/php_cli_server_021.phpt
@@ -0,0 +1,39 @@
+--TEST--
+Digest Authentication
+--SKIPIF--
+
+--FILE--
+
+--EXPECTF--
+HTTP/1.1 200 OK
+Host: %s
+Date: %s
+Connection: close
+X-Powered-By: PHP/%s
+Content-type: text/html; charset=UTF-8
+
+NULL
+NULL
+string(242) "username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41""
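Review bot: The `auth_len - 6` handed to php_base64_decode, and the `auth + 7` in the Digest hunk further down, are in bounds only if a zero result from zend_binary_strncasecmp implies the header is at least as long as the prefix; the `auth_len > 0` guard does not establish that on its own. Stating the bound in the condition makes the unsigned subtraction and the pointer offset safe by inspection: `if (auth_len >= sizeof("Basic ")-1 && zend_binary_strncasecmp(...) == 0)`, and likewise `auth_len >= sizeof("Digest ")-1`. That also makes the separate `auth &&` test redundant, since auth_len is 0 for a NULL header. The bare offsets `6` and `7` now sit beside `sizeof("Basic ")-1` spellings of the same value, so a single named length per scheme would keep the comparison and the offset from drifting apart. The body of php_handle_auth_data continues outside both hunks.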
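Review bot: The visible expectation covers a single Digest request, and the --SKIPIF-- and --FILE-- bodies are not shown on this page, so it cannot be confirmed which scheme casing the test sends. Since main/main.c now matches both `Basic ` and `Digest ` case-insensitively, the test would presumably be stronger with a lowercase or mixed-case scheme for each of the two, asserting the Basic user and password as well as the digest string. A negative case is worth adding too: a header value shorter than the prefix (for example the bare scheme name with no trailing space), expecting all three dumps to be `NULL`, pins the length handling that the parser change depends on.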