httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aram W. Mirzadeh" <...@qosina.com>
Subject WWW Form Bug Report: "mod_auth_msql.c: SEGV if user has no password" on Linux
Date Mon, 02 Oct 1995 12:55:56 GMT
>X-POP3-Rcpt: awm@luers.qosina.com
>From: nate@tripod.com
>To: awm@qosina.com
>Date: Sun Oct  1  3:36:10 1995
>Subject: WWW Form Bug Report: "mod_auth_msql.c: SEGV if user has no
password" on Linux
>
>Submitter: nate@tripod.com
>Operating system: Linux, version: 
>Extra Modules used: mod_auth_msql
>URL exhibiting problem: 
>
>Symptoms:
>--
>When using mSQL authentication, if a user who exists but has no defined
password tries to log on, httpd commits a segmentation violation and dumps
core.  This is because a NULL field for a password causes NULL to be
returned by msqlFetchRow.  Other than that, Apache is working beautifully.
Thanks guys! nate@tripod.com  (how does one subscribe to this bug list?)
Patch follows: tribble:src: diff mod_auth_msql.c mod_auth_msql_hacked.c
180,184c180,189 <     if (msqlNumRows(result) == 1) { <         data =
msqlFetchRow(result); <         pw = palloc (r->pool, strlen(data[0]) + 1);
<         strcpy(pw,data[0]); <       } --- >     if ( msqlNumRows(result)
== 1) { >       data = msqlFetchRow(result); >       if (! data[0]) { >
log_reason ("mSQL user has no valid password", r->uri, r); >       return
NULL; >       }   /* data[0] will be NULL if user exists but has no
password.   >            must check to see if data is non-NULL else SEGV
strikes. */ >       pw = palloc (r->p!
> ool, strlen(data[0]) + 1); >       strcpy(pw,data[0]); >     }  
>--
>
>Backtrace:
>--
>
>--
>
>
--
Aram W. Mirzadeh, MIS Manager, Qosina Corporation
http://www.qosina.com/~awm/, awm@qosina.com
Apache httpd server team http://www.apache.org



Mime
View raw message