httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Murcko <ch...@telebase.com>
Subject Re: WWW Form Bug Report: "SegV in mod_digest" on Solaris 2.x (fwd)
Date Thu, 02 May 1996 14:12:37 GMT
Is this the same bug that Sean's patch fixed? I believe it's never been cvs
committed, though.

Cliff Skolnick liltingly intones:
> 
> 
> sounds like a real bug to me...no ack has been sent.
> 
> ---------- Forwarded message ----------
> Date: Wed May 1 14:48:37 1996
> From: csw@chezmoi.com
> To: cliff@organic.com
> Subject: WWW Form Bug Report: "SegV in mod_digest" on Solaris 2.x
> 
> Submitter: csw@chezmoi.com
> Operating system: Solaris 2.x, version: 
> Version of Apache Used: 
> Extra Modules used: mod_digest
> URL exhibiting problem: 
> 
> Symptoms:
> --
> Core dump of the server when acessing a page where a .htaccess file is present.
> it looks like the mod_digest code is not doing any checkes for whether a certain mime
header is actually present.
> it just goes ahead and tries to take the strlen of the header and of course if the header
is not present it will try to take the strlen of a null string andf crash.
> 
> I think the mod_digest stuff is enabled in the configuration files by defaults.  It should
at lease be commented out by default and marked as experimental.
> 
> 
> --
> 
> Backtrace:
> --
> Program received signal SIGSEGV, Segmentation fault.
> 0xef5a2e2c in strlen ()
> (gdb) where
> #0  0xef5a2e2c in strlen ()
> #1  0x3e4a8 in get_digest_rec (r=0x66c50, response=0x5f7b0) at mod_digest.c:124
> #2  0x3eb94 in authenticate_digest_user (r=0x66c50) at mod_digest.c:265
> #3  0x1e02c in run_method (r=0x66c50, offset=44, run_all=0)
>     at http_config.c:224
> #4  0x1e1c8 in check_user_id (r=0x66c50) at http_config.c:260
> #5  0x212ac in process_request_internal (r=0x66c50) at http_request.c:713
> #6  0x213e4 in process_request (r=0x66c50) at http_request.c:740
> #7  0x1a92c in child_main (child_num_arg=0) at http_main.c:1176
> #8  0x1aabc in make_child (server_conf=0x5ca50, child_num=0)
>     at http_main.c:1211
> #9  0x1b148 in standalone_main (argc=6, argv=0xeffffdac) at http_main.c:1350
> #10 0x1b478 in main (argc=6, argv=0xeffffdac) at http_main.c:1439
> (gdb) p auth_line
> No symbol "auth_line" in current context.
> (gdb) up
> #1  0x3e4a8 in get_digest_rec (r=0x66c50, response=0x5f7b0) at mod_digest.c:124
> 124       int l = strlen(auth_line);
> (gdb) p auth_line
> $1 = 0x0
> (gdb) quit
> 
> --
> 
> 

chuck
Chuck Murcko	N2K Inc.	Wayne PA	chuck@telebase.com
And now, on a lighter note:
This is your fortune.

Mime
View raw message