httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aram Mirzadeh <...@qosina.com>
Subject Re: WWW Form Bug Report: "Auth Basic Passwords cannot start with a ':'" on Linux (fwd)
Date Thu, 02 May 1996 00:57:48 GMT
> 
> 	This is the same problem that happened with the multiple args
> to a script: /cgi-bin/test?4+5++5 which I had fixed.
> 
> 	To fix this replace the call to getword() with the function I
> wrote, getword_nulls().

Is this already in 1.1? 

> 
> > 
> > 
> > Make sense.  I also had the problem, but I just made the password a legal one.
> > Is ':' a legal character? 
> > 
> > No ack sent. 
> > 
> > <Aram>
> > 
> > 
> > > Subject: WWW Form Bug Report: "Auth Basic Passwords cannot start with a ':'"
on Linux
> > > 
> > > Submitter: osm@interguide.com
> > > Operating system: Linux, version: 
> > > Version of Apache Used: 1.0.3
> > > Extra Modules used: mod_auth_dbm
> > > URL exhibiting problem: 
> > > 
> > > Symptoms:
> > > --
> > > get_basic_auth_pw() calls getword() to get the
> > > user-supplied authentication password.  getword(),
> > > after finding the 'stop' character, skips past
> > > multiple 'stop' characters until it find a
> > > non-stop character.  This causes passwords that
> > > start with colons to have the colons stripped off
> > > (and the user authentication fails).
> > > --
> > > 
> > > Backtrace:
> > > --
> > > 
> > > --
> > > 
> > 
> > 
> > -- 
> >                                         | Aram Mirzadeh
> > I'm not under the alkafluence of inkahol| MIS Manager
> > that some thinkle peep I am.            | Qosina Corp.
> > It's just the drunker I sit here the    | http://www.qosina.com/~awm/
> > longer I get.                           | awm@qosina.com
> >                 			| Apache httpd - awm@hyperreal.com
> > 
> 
> 
> -- 
> Sameer Parekh					Voice:   510-601-9777x3
> Community ConneXion, Inc.			FAX:     510-601-9734
> The Internet Privacy Provider			Dialin:  510-658-6376
> http://www.c2.net/ (or login as "guest")		sameer@c2.net
> 


-- 
                                        | Aram Mirzadeh
I'm not under the alkafluence of inkahol| MIS Manager
that some thinkle peep I am.            | Qosina Corp.
It's just the drunker I sit here the    | http://www.qosina.com/~awm/
longer I get.                           | awm@qosina.com
                			| Apache httpd - awm@hyperreal.com

Mime
View raw message