You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rasmus Lerdorf <ra...@lerdorf.on.ca> on 1998/11/11 02:06:35 UTC

Strange auth bug

I am trying to track down a weird bug here.  Just wondering if anybody has
run across something similar.

When I authenticate on a page using a user id of: tätär
and a password of: blah

IE sends an Authorization header which looks like this:

  Basic dOR05HI6YmxhaA==

while Netscape sends:

  Basic dOR0 

What gives?  Unless I missed something, this looks like a pretty basic
browser bug.

I am testing with Navigator 4.5 on Win98 and IE5.

-Rasmus

Re: Strange auth bug

Posted by Dean Gaudet <dg...@arctic.org>.


On Wed, 11 Nov 1998, Ben Laurie wrote:

> I'll wager Netscape are using a signed char in their base 64 encoder...

That's what I was going to suggest.  If it's linked shared you could tweak
the isfoo() table (whatever it's called) so that it has entries 128..255
duplicated at -128..-1... might fix it. 

Dean

Re: Strange auth bug

Posted by Ben Laurie <be...@algroup.co.uk>.

Rasmus Lerdorf wrote:
> 
> I am trying to track down a weird bug here.  Just wondering if anybody has
> run across something similar.
> 
> When I authenticate on a page using a user id of: tätär
> and a password of: blah
> 
> IE sends an Authorization header which looks like this:
> 
>   Basic dOR05HI6YmxhaA==
> 
> while Netscape sends:
> 
>   Basic dOR0
> 
> What gives?  Unless I missed something, this looks like a pretty basic
> browser bug.

I'll wager Netscape are using a signed char in their base 64 encoder...

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

Re: Strange auth bug

Posted by Manoj Kasichainula <ma...@io.com>.

On Tue, Nov 10, 1998 at 08:06:35PM -0500, Rasmus Lerdorf wrote:
> When I authenticate on a page using a user id of: tätär
> and a password of: blah
[snip]

> while Netscape sends:
> 
>   Basic dOR0 

Duplicated with Navigator 4.07 on Linux.

> What gives?  Unless I missed something, this looks like a pretty basic
> browser bug.

Sure seems like it. This decodes into "tät". Looks like Netscape's
encoder choked after munching on one chunk of input with an 8-bit
character.

-- 
Manoj Kasichainula - manojk at io dot com - http://www.io.com/~manojk/
"Show me an Ethernet collision and I'll show you a network that could
do with one user fewer." -- BOFH