[8539] in bugtraq
[Fwd: Strange auth bug] Netscape Communicator 4.0x?
daemon@ATHENA.MIT.EDU (Guille (Bisho))
Fri Nov 13 15:23:52 1998
Date: Fri, 13 Nov 1998 00:54:01 +0100
Reply-To: bisho@eurielec.clubs.etsit.upm.es
From: "Guille (Bisho)" <guille@REDESTB.ES>
To: BUGTRAQ@NETSPACE.ORG
Forwarded from new-httpd apache list
Date: Wed, 11 Nov 1998 03:40:41 -0500 (Eastern Standard Time)
From: Rasmus Lerdorf <rasmus@lerdorf.on.ca>
To: new-httpd@apache.org
Subject: Re: Strange auth bug
> Strange. When I pass this to a RFC2045 compliant base64 encode/decode function
> I get:
>
> | :> ./base64 encode 'tdtdr'
> | dOR05HI=
> | rse@en1:/e/apache/SSL/trail
> | :>
> | :> ./base64 decode 'dOR05HI='
> | tdtdr
> | rse@en1:/e/apache/SSL/trail
> | :>
>
> which looks more correct to me. So, are both Netscape and IE broken?
> Hmmm... confusing.
No, you forgot about the password. I was setting the username to "tdtdr"
*and* the password to "blah".

If I use a blank password and just set the username to tdtdr IE5 sends an
Authorization header of:

    Basic dOR05HI6

And Netscape sends:

    Basic dOR0

I tcpdumped the connection as well to eliminate the possibility that
Netscape might be sending an embedded \0 (which would still be a bug) and
it really only sends the above. There is nothing else on the wire.

Testing a bunch of them:

    tdten       tdten               (ok)
    tvten       tvten               (ok)
    t|ten       t|ten               (ok)
    tdtdr       tdt                 (error)
    t|t|r       t|t                 (error)
    tvtvr       tvt                 (error)
    tdtdrd      tdt                 (error)
    t|t|r|      t|t                 (error)
    tvtvrv      tvt                 (error)
    da_         da_                 (ok)
    _ad         '' (empty string)   (error)
    T\R         T\R                 (ok)
    T\R\        T\R                 (error)
    vsterreich  '' (empty string)   (error)
    dste        '' (empty string)   (error)
    |st         '' (empty string)   (error)
    Tabalugd    Tabalugd            (ok)
    Ta__Kaffd   Ta__Kaffd           (ok)
    Ta_td       Ta_td               (ok)
    Ta_d        Ta_                 (error)
    rvstdn      rvstdn              (ok)
    relo|md     relo|m              (error)
    bxrge       bxrge               (ok)
    xl          '' (empty string)   (error)

Ok, so the pattern emerges. More than 1 8-bit char in the string, or if
the first char of the string is an 8-bit char and Netscape's encoding
algorithm gets hopelessly confused.
You'd think all sorts of Scandinavians and Germans would have screamed
about this before though.
-Rasmus
Date: Tue, 10 Nov 1998 20:06:35 -0500 (Eastern Standard Time)
From: Rasmus Lerdorf <rasmus@lerdorf.on.ca>
To: php-dev@lists.php.net
cc: new-httpd@apache.org
Subject: Strange auth bug
I am trying to track down a weird bug here. Just wondering if anybody has
run across something similar.

When I authenticate on a page using a user id of: tdtdr
and a password of: blah

IE sends an Authorization header which looks like this:

    Basic dOR05HI6YmxhaA==

while Netscape sends:

    Basic dOR0

What gives? Unless I missed something, this looks like a pretty basic
browser bug.

I am testing with Navigator 4.5 on Win98 and IE5.
-Rasmus
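
An added example, not part of the original thread: a server-side check that decodes the Authorization values quoted above and rejects any that lack the `userid:password` separator. The decoded IE values carry byte 0xE4 (ä in ISO-8859-1) where the text above shows `d`; the function names `parse_basic` and `describe` are hypothetical.

```python
import base64
import binascii

# Authorization header values quoted in the thread above.
OBSERVED = {
    "IE5, password 'blah'": "Basic dOR05HI6YmxhaA==",
    "IE5, blank password": "Basic dOR05HI6",
    "Netscape 4.5, both cases": "Basic dOR0",
}


def parse_basic(header):
    """Decode 'Basic <base64(userid:password)>' into (userid, password) bytes.

    Raises ValueError for anything that is not a well-formed Basic credential.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("bad base64: %s" % exc) from exc
    # The userid ends at the first ':'; a value without one is malformed.
    userid, sep, password = raw.partition(b":")
    if not sep:
        raise ValueError("no ':' separator in %r" % raw)
    return userid, password


def describe(header):
    """One-line summary suitable for logging a received credential's shape."""
    try:
        userid, password = parse_basic(header)
    except ValueError as exc:
        return "malformed (%s)" % exc
    high = sum(1 for b in userid if b >= 0x80)
    return "userid=%s password_len=%d 8-bit bytes in userid=%d" % (
        userid.hex(), len(password), high)


if __name__ == "__main__":
    for label, value in OBSERVED.items():
        print("%-26s %s" % (label, describe(value)))
```

Both IE values parse to the same five-byte userid with two 8-bit bytes; the Netscape value decodes to only the first three bytes with no separator, so a strict parser rejects it instead of looking up a truncated username.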