httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wsanc...@apache.org
Subject cvs commit: httpd-2.0/modules/aaa mod_auth_basic.c mod_auth_digest.c
Date Sun, 08 Dec 2002 21:13:07 GMT
wsanchez    2002/12/08 13:13:07

  Modified:    modules/aaa mod_auth_basic.c mod_auth_digest.c
  Log:
  outch. there are some possible NULL pointer references. Have you ever tried
  AuthDigestProvider dbm? This results in a great kaboom. The patch makes
  apache throw an error, if someone tries a provider, that doesn't support
  the particular auth scheme.
  
  Submitted by:	Andre Malo <nd@perlig.de>
  
  Revision  Changes    Path
  1.9       +14 -0     httpd-2.0/modules/aaa/mod_auth_basic.c
  
  Index: mod_auth_basic.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_basic.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- mod_auth_basic.c	8 Dec 2002 21:10:37 -0000	1.8
  +++ mod_auth_basic.c	8 Dec 2002 21:13:07 -0000	1.9
  @@ -125,6 +125,13 @@
                               newp->provider_name);
       }
   
  +    if (!newp->provider->check_password) {
  +        /* if it doesn't provide the appropriate function, reject it */
  +        return apr_psprintf(cmd->pool,
  +                            "The '%s' Authn provider doesn't support "
  +                            "Basic Authentication", provider_name);
  +    }
  +
       /* Add it to the list now. */
       if (!conf->providers) {
           conf->providers = newp;
  @@ -257,6 +264,13 @@
           if (!current_provider) {
               provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,
                                             AUTHN_DEFAULT_PROVIDER, "0");
  +
  +            if (!provider || !provider->check_password) {
  +                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  +                              "No Authn provider configured");
  +                auth_result = AUTH_GENERAL_ERROR;
  +                break;
  +            }
           }
           else {
               provider = current_provider->provider;
  
  
  
  1.75      +14 -0     httpd-2.0/modules/aaa/mod_auth_digest.c
  
  Index: mod_auth_digest.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_digest.c,v
  retrieving revision 1.74
  retrieving revision 1.75
  diff -u -r1.74 -r1.75
  --- mod_auth_digest.c	8 Dec 2002 21:10:37 -0000	1.74
  +++ mod_auth_digest.c	8 Dec 2002 21:13:07 -0000	1.75
  @@ -516,6 +516,13 @@
                               newp->provider_name);
       }
   
  +    if (!newp->provider->get_realm_hash) {
  +        /* if it doesn't provide the appropriate function, reject it */
  +        return apr_psprintf(cmd->pool,
  +                            "The '%s' Authn provider doesn't support "
  +                            "Digest Authentication", provider_name);
  +    }
  +
       /* Add it to the list now. */
       if (!conf->providers) {
           conf->providers = newp;
  @@ -1477,6 +1484,13 @@
           if (!current_provider) {
               provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,
                                             AUTHN_DEFAULT_PROVIDER, "0");
  +
  +            if (!provider || !provider->get_realm_hash) {
  +                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  +                              "No Authn provider configured");
  +                auth_result = AUTH_GENERAL_ERROR;
  +                break;
  +            }
           }
           else {
               provider = current_provider->provider;
  
  
  

Mime
View raw message