Received: by taz.hyperreal.com (8.6.12/8.6.5) id RAA11565;
 Wed, 1 May 1996 17:31:00 -0700
Received: from infinity.c2.org by taz.hyperreal.com (8.6.12/8.6.5) with ESMTP
 id RAA11550; Wed, 1 May 1996 17:30:56 -0700
Received: (from sameer@localhost) by infinity.c2.org (8.7.4/8.6.9)
	id RAA21330 for new-httpd@hyperreal.com; Wed, 1 May 1996 17:24:34 -0700 (PDT)
	Community ConneXion: Privacy & Community: <URL:http://www.c2.net>
From: sameer <sameer@c2.org>
Message-Id: <199605020024.RAA21330@infinity.c2.org>
Subject: Re: WWW Form Bug Report: "Auth Basic Passwords cannot start with a
 ':'" on Linux (fwd)
To: new-httpd@hyperreal.com
Date: Wed, 1 May 1996 17:24:30 -0700 (PDT)
In-Reply-To: <199605020016.UAA25642@luers.qosina.com> from "Aram Mirzadeh" at
 May 1, 96 08:16:15 pm
X-Mailer: ELM [version 2.4 PL20]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

	This is the same problem that happened with the multiple args
to a script: /cgi-bin/test?4+5++5 which I had fixed.

	To fix this replace the call to getword() with the function I
wrote, getword_nulls().

> 
> 
> Make sense.  I also had the problem, but I just made the password a legal one.
> Is ':' a legal character? 
> 
> No ack sent. 
> 
> <Aram>
> 
> 
> > Subject: WWW Form Bug Report: "Auth Basic Passwords cannot start with a ':'" on Linux
> > 
> > Submitter: osm@interguide.com
> > Operating system: Linux, version: 
> > Version of Apache Used: 1.0.3
> > Extra Modules used: mod_auth_dbm
> > URL exhibiting problem: 
> > 
> > Symptoms:
> > --
> > get_basic_auth_pw() calls getword() to get the
> > user-supplied authentication password.  getword(),
> > after finding the 'stop' character, skips past
> > multiple 'stop' characters until it find a
> > non-stop character.  This causes passwords that
> > start with colons to have the colons stripped off
> > (and the user authentication fails).
> > --
> > 
> > Backtrace:
> > --
> > 
> > --
> > 
> 
> 
> -- 
>                                         | Aram Mirzadeh
> I'm not under the alkafluence of inkahol| MIS Manager
> that some thinkle peep I am.            | Qosina Corp.
> It's just the drunker I sit here the    | http://www.qosina.com/~awm/
> longer I get.                           | awm@qosina.com
>                 			| Apache httpd - awm@hyperreal.com
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net