Fix #67792: HTTP Authorization schemes are treated as case-sensitive

cmb69 · cmb69 · commit 39ddf6b89cc5 · 2021-04-23T15:54:17.000+02:00
We use `zend_binary_strncasecmp()` to avoid any locale issues, and refactor. We also add a test case for Digest authentication. Closes GH-6900.
diff --git a/NEWS b/NEWS
@@ -7,6 +7,8 @@ PHP                                                                        NEWS
     call_user_func_array). (twosee)
   . Fixed bug #80960 (opendir() warning wrong info when failed on Windows).
     (cmb)
+  . Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive).
+    (cmb)
 
 - pgsql:
   . Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast(). (cmb)
diff --git a/main/main.c b/main/main.c
@@ -2712,12 +2712,13 @@ PHPAPI void php_handle_aborted_connection(void)
 PHPAPI int php_handle_auth_data(const char *auth)
 {
 	int ret = -1;
+	size_t auth_len = auth != NULL ? strlen(auth) : 0;
 
-	if (auth && auth[0] != '\0' && strncmp(auth, "Basic ", 6) == 0) {
+	if (auth && auth_len > 0 && zend_binary_strncasecmp(auth, auth_len, "Basic ", sizeof("Basic ")-1, sizeof("Basic ")-1) == 0) {
 		char *pass;
 		zend_string *user;
 
-		user = php_base64_decode((const unsigned char*)auth + 6, strlen(auth) - 6);
+		user = php_base64_decode((const unsigned char*)auth + 6, auth_len - 6);
 		if (user) {
 			pass = strchr(ZSTR_VAL(user), ':');
 			if (pass) {
@@ -2736,7 +2737,7 @@ PHPAPI int php_handle_auth_data(const char *auth)
 		SG(request_info).auth_digest = NULL;
 	}
 
-	if (ret == -1 && auth && auth[0] != '\0' && strncmp(auth, "Digest ", 7) == 0) {
+	if (ret == -1 && auth && auth_len > 0 && zend_binary_strncasecmp(auth, auth_len, "Digest ", sizeof("Digest ")-1, sizeof("Digest ")-1) == 0) {
 		SG(request_info).auth_digest = estrdup(auth + 7);
 		ret = 0;
 	}
diff --git a/sapi/cli/tests/php_cli_server_021.phpt b/sapi/cli/tests/php_cli_server_021.phpt
@@ -0,0 +1,37 @@
+--TEST--
+Digest Authentication
+--SKIPIF--
+<?php
+include "skipif.inc";
+?>
+--FILE--
+<?php
+include "php_cli_server.inc";
+php_cli_server_start('var_dump(!isset($_SERVER["PHP_AUTH_USER"]), !isset($_SERVER["PHP_AUTH_PW"]), $_SERVER["PHP_AUTH_DIGEST"]);');
+
+$host = PHP_CLI_SERVER_HOSTNAME;
+$fp = php_cli_server_connect();
+
+if(fwrite($fp, <<<HEADER
+GET / HTTP/1.1
+Host: {$host}
+Authorization: digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"
+
+
+HEADER
+)) {
+	fpassthru($fp);
+}
+
+?>
+--EXPECTF--
+HTTP/1.1 200 OK
+Host: %s
+Date: %s
+Connection: close
+X-Powered-By: PHP/%s
+Content-type: text/html; charset=UTF-8
+
+bool(true)
+bool(true)
+string(242) "username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41""
