httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r986606 - /httpd/httpd/trunk/server/request.c
Date Wed, 18 Aug 2010 09:24:04 GMT
Author: sf
Date: Wed Aug 18 09:24:04 2010
New Revision: 986606

URL: http://svn.apache.org/viewvc?rev=986606&view=rev
Log:
Add the same r->user == NULL check in the Satisfy Any code path as r965709 did
for Satisfy all

Modified:
    httpd/httpd/trunk/server/request.c

Modified: httpd/httpd/trunk/server/request.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/request.c?rev=986606&r1=986605&r2=986606&view=diff
==============================================================================
--- httpd/httpd/trunk/server/request.c (original)
+++ httpd/httpd/trunk/server/request.c Wed Aug 18 09:24:04 2010
@@ -260,7 +260,14 @@ AP_DECLARE(int) ap_process_request_inter
                 if ((access_status = ap_run_check_user_id(r)) != OK) {
                     return decl_die(access_status, "check user", r);
                 }
-
+                if (r->user == NULL) {
+                    /* don't let buggy authn module crash us in authz */
+                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                                  "Buggy authn provider failed to set user for %s",
+                                  r->uri);
+                    access_status = HTTP_INTERNAL_SERVER_ERROR;
+                    return decl_die(access_status, "check user", r);
+                }
                 if ((access_status = ap_run_auth_checker(r)) != OK) {
                     return decl_die(access_status, "check authorization", r);
                 }



Mime
View raw message