httpd-dev mailing list archives

From Joe Orton <...@orton.demon.co.uk>
Subject [PATCH] mod_auth_digest segfault
Date Fri, 04 Aug 2000 22:55:07 GMT
I'm getting a segfault using mod_auth_digest from Apache 1.3 CVS and
mod_dav CVS HEAD with the configuration:

   / requires digest auth with username foo
   /auth/ requires digest auth with username bar

I do a PROPFIND/depth 1 on "/", after successful authentication, mod_dav
runs a subrequest on "/auth". mod_auth_digest now dumps core because of
the NULL resp parameter to note_digest_auth_failure: the backtrace is:

#0  0x4014f757 in note_digest_auth_failure (r=0x8101e9c, conf=0x80de0b4,
resp=0x0, stale=0)
    at mod_auth_digest.c:1258
#1  0x40151462 in digest_check_auth (r=0x8101e9c) at
mod_auth_digest.c:1909
#2  0x806c29c in run_method (r=0x8101e9c, offset=8, run_all=0) at
http_config.c:360
#3  0x806c41c in ap_check_auth (r=0x8101e9c) at http_config.c:417
#4  0x807ef41 in ap_sub_req_method_uri (method=0x80fefe4 "PROPFIND",
new_file=0x8100f84 "/auth", r=0x80fd8bc)
    at http_request.c:784
#5  0x4017acea in dav_fs_walker (fsctx=0xbffff698, depth=1) at
...etc...

If I understand what's going on correctly, the

 ap_get_module_config(r->request_config, &digest_auth_module);

call in digest_check_auth is returning NULL, because
update_nonce_count has never run for this 'r' since 'r' is a subrequest.

The patch below fixes it.

joe

--- mod_auth_digest.c.orig	Fri Aug  4 23:22:53 2000
+++ mod_auth_digest.c	Fri Aug  4 23:28:30 2000
@@ -1847,6 +1847,7 @@
     table *grpstatus;
     const array_header *reqs_arr;
     require_line *reqs;
+    digest_header_rec *resp;
 
     if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest"))
 	return DECLINED;
@@ -1906,10 +1907,13 @@
 	"Digest: access to %s failed, reason: user %s not allowed access",
 	r->uri, user);
 
-    note_digest_auth_failure(r, conf,
-	(digest_header_rec *) ap_get_module_config(r->request_config,
-						   &digest_auth_module),
-	0);
+    resp = ap_get_module_config(r->request_config, &digest_auth_module);
+    /* resp may be NULL in a subrequest, since update_nonce_count
+     * never gets run for the subr */
+    if (resp != NULL) {
+	note_digest_auth_failure(r, conf, resp, 0);
+    }
+
     return AUTH_REQUIRED;
 }
 
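Review bot: in the new `if (resp != NULL)` branch at the end of digest_check_auth, a NULL resp makes the function return AUTH_REQUIRED without calling note_digest_auth_failure at all, so a denied subrequest carries none of what that function would have noted. The backtrace puts the NULL dereference inside note_digest_auth_failure (mod_auth_digest.c:1258), so guarding only this call site leaves any other caller that can pass a NULL resp exposed. Consider moving the NULL check into note_digest_auth_failure itself, or fetching the record from the request for which update_nonce_count did run, and extend the comment to say which of the two behaviours is intended for subrequests.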

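The failure mode described in this message, as an added C example that is not part of the original post or of Apache's source: a per-request config slot that is filled only for the top-level request, a lookup that walks up to the parent request, and a failure path that tolerates a missing record. The types and function names (`request`, `digest_rec`, `parse_auth_header`, `lookup_naive`, `lookup_inherited`, `note_failure`) are constructed stand-ins, and inheriting the parent's record goes beyond what the patch above does.

```c
#include <stddef.h>
#include <string.h>
/* Constructed stand-ins for the server's types; not Apache's definitions. */
typedef struct { const char *opaque; } digest_rec;
typedef struct request {
    const char *uri;
    struct request *main;   /* parent request; NULL for a top-level request */
    digest_rec *module_cfg; /* per-request slot; filled only by header parsing */
} request;

/* Header parsing runs for the client's request, never for a subrequest. */
static void parse_auth_header(request *r, digest_rec *rec)
{
    if (r->main == NULL)
        r->module_cfg = rec;
}

/* Shape of the failing lookup: trusts the slot of r itself. */
static digest_rec *lookup_naive(const request *r)
{
    return r->module_cfg;
}

/* Defensive lookup: walk up to the request that actually carried the header. */
static digest_rec *lookup_inherited(const request *r)
{
    for (; r != NULL; r = r->main)
        if (r->module_cfg != NULL)
            return r->module_cfg;
    return NULL;
}

/* NULL-tolerant failure path: bytes of the record used, 0 when there is none. */
static size_t note_failure(const digest_rec *resp)
{
    if (resp == NULL || resp->opaque == NULL)
        return 0;
    return strlen(resp->opaque);
}

int main(void)
{
    digest_rec rec = { "constructed-opaque" };   /* constructed sample value */
    request top = { "/", NULL, NULL };
    request sub = { "/auth", &top, NULL };
    parse_auth_header(&top, &rec);
    parse_auth_header(&sub, &rec);               /* no effect: sub is a subrequest */
    return (lookup_naive(&sub) == NULL && lookup_inherited(&sub) == &rec) ? 0 : 1;
}
```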