httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Wilson <and...@tees.elsevier.co.uk>
Subject Re: [Q] Apche SunOS: .htaccess in cgi directories? (fwd)
Date Mon, 04 Dec 1995 21:36:18 GMT
> Forwarded message:
> 
> > From: Dave Alden <alden@math.ohio-state.edu>
> > Subject: Re: [Q] Apche SunOS: .htaccess in cgi directories?
> > To: hartill@lanl.gov
> > Date: Mon, 4 Dec 1995 14:06:06 -0500 (EST)
>  
> > Hi,
> > 
> > > >   o  I wrote a netgroup authentication module (we really love netgroups
> > > >      here, we use them for everything.  :-)  I was wondering if there's
> > > >      a repository for new modules?
> > > 
> > > If you can wait a few days for 1.0, then make sure the module works
> > > with it, you can then send us a note (to me, the bugs mail or wherever)
> > > saying where we can find it. We'll have a look then.
> > 
> > It seems to work find with 1.0.  You can find a copy at:
> > 
> > ftp://ftp.math.ohio-state.edu/pub/alden/mod_auth_nis.c
> 
> Anyone want to take a look.
> 
> Please reply to this list and the submitter, so that we all know
> that something's happening.

Hi Dave,

Apache 0.8.foo had a bug which caused seg faults to ocurr when no *requires*
were given inside a <Limit ... ></Limit> structure.

Compare your:

    array_header *reqs_arr = requires (r);
    require_line *reqs = (require_line *)reqs_arr->elts;

With Apache 1.0.0's:

    array_header *reqs_arr = requires (r);
    require_line *reqs;

    /* BUG FIX: tadc, 11-Nov-1995.  If there is no "requires" directive, 
     * then any user will do.
     */
    if (!reqs_arr)
        return (OK);
    reqs = (require_line *)reqs_arr->elts;

... which is taken from mod_auth.c.

I tried giving it an incorrectly formatted .htaccess file containing:

--- cut here ---
AuthDomainName my.nis.domain
AuthName ByPassword
AuthType Basic
<Limit GET POST>
</Limit>
--- cut here ---

and got the following errors in the error_log, following several tests:

[Mon Dec  4 21:29:15 1995] access to /User/Andrew.Wilson/TEST/ failed for www, reason: RETURNING
OK
[Mon Dec  4 21:29:15 1995] httpd: caught SIGSEGV, dumping core
[Mon Dec  4 21:29:26 1995] access to /User/Andrew.Wilson/TEST/ failed for www, reason: RETURNING
OK
[Mon Dec  4 21:29:26 1995] httpd: caught SIGSEGV, dumping core
[Mon Dec  4 21:29:31 1995] access to /User/Andrew.Wilson/TEST/ failed for www, reason: RETURNING
OK
[Mon Dec  4 21:29:31 1995] httpd: caught SIGSEGV, dumping core

Apache is at its most vunerable when presented with misconfigured
environments - which tends to be all the time!  To be a useful tool it
should at least be able to say *why* it can't cope.  At present
Apache's messages aren't very helpful, but at least we've seen this
behaviour before and know what it means ;)

> rob 

Cheers,
Ay.



Mime
View raw message