httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r231033 - /httpd/httpd/branches/2.0.x/STATUS
Date Tue, 09 Aug 2005 13:18:50 GMT
Author: jim
Date: Tue Aug  9 06:18:47 2005
New Revision: 231033

URL: http://svn.apache.org/viewcvs?rev=231033&view=rev
Log:
Note patch http://people.apache.org/~jim/mod_auth_ldap-2.0.patch
which protects against bad stuff when mod_auth_ldap's check_user_id
hook doesn't complete or isn't called, but auth_checker is.

Modified:
    httpd/httpd/branches/2.0.x/STATUS

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=231033&r1=231032&r2=231033&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Tue Aug  9 06:18:47 2005
@@ -205,6 +205,13 @@
   [ please place SVN revisions from trunk here, so it is easy to
     identify exactly what the proposed changes are! ]
 
+    *) Prevent bad dereferencing of non-existent req struct in
+       mod_auth_ldap's mod_auth_ldap_auth_checker() if
+       mod_auth_ldap_check_user_id() was never (fully) called.
+       Similar behavior to that in 2.1/2.2.
+         http://people.apache.org/~jim/mod_auth_ldap-2.0.patch
+       +1: jim
+
     *) Correct RFC 2616 non-compliance by refusing to proxy a request body 
        in a TRACE request, unless TraceEnable extended is configured.
        Introduces TraceEnable [on|off|extended] to give the administrator



Mime
View raw message