httpd-dev mailing list archives

From Ryan Bloom <...@covalent.net>
Subject Re: [PATCH] apache core dumps if you call ap_note_basic_auth_failure when auth type is null
Date Wed, 21 Nov 2001 03:47:03 GMT
On Tuesday 20 November 2001 07:38 pm, Doug MacEachern wrote:
> On Tue, 20 Nov 2001, sterling wrote:
> > Hi -
> >
> > Set up an auth directory without AuthType but with require valid-user and
> > AuthName and load an auth module that uses ap_note_basic_auth_failure...
> > el kabong!! this patch stops the coro dumpo.
>
> this has bitten others in 1.x too.  ended up adding protection in the
> modperl wrapper functions.  i applied a slightly different version to
> prevent the same problem in ap_note_auth_failure().  and also changed
> if (type && strcasecmp(ap_auth_type(r), "Basic"))
>  to
> if (!type || ...)
> cause i don't think it should set the *-Authenticate header if there is no
> AuthType configured, right?  or maybe ap_auth_type() should default to
> Basic?

I like both fixes, and I agree that we need one of them.  I already saw the
commit, too.  I also have another suggested improvement that I think we should
add.

This is a configuration error.  We should be able to detect this kind of
configuration error and report it.  With the config tree logic, we can do this by
adding a bit of logic.

I can do the work to make sure that when you have AuthType, you also have
AuthName and Require directives.  Before I do, however, does anybody disagree
that we should have this logic?

Ryan

______________________________________________________________
Ryan Bloom				rbb@apache.org
Covalent Technologies			rbb@covalent.net
--------------------------------------------------------------
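
Added example, not part of the original message and not Apache's own code: a self-contained C model of the two defences discussed in this thread, the NULL test before strcasecmp() and a configuration-time consistency check. The struct, enum and function names are hypothetical, and flagging Require without AuthType goes beyond the rule stated above in order to cover the setup sterling reported.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical model of one directory's auth directives; NULL/0 = absent. */
struct dir_auth {
    const char *auth_type;  /* AuthType */
    const char *auth_name;  /* AuthName */
    int has_require;        /* at least one Require line */
};

enum challenge { CHALLENGE_NONE, CHALLENGE_BASIC, CHALLENGE_OTHER };

/* Run-time guard: test the type for NULL before strcasecmp() and send no
 * challenge header at all when no AuthType is configured. */
enum challenge pick_challenge(const struct dir_auth *d)
{
    if (!d->auth_type)
        return CHALLENGE_NONE;
    return strcasecmp(d->auth_type, "Basic") == 0 ? CHALLENGE_BASIC
                                                  : CHALLENGE_OTHER;
}

/* Config-time check: NULL when consistent, else a message for the admin. */
const char *check_dir_auth(const struct dir_auth *d)
{
    if (d->auth_type) {
        if (!d->auth_name)
            return "AuthType without AuthName";
        if (!d->has_require)
            return "AuthType without Require";
    } else if (d->has_require) {
        return "Require without AuthType";  /* the reported crash setup */
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample: Require and AuthName set, AuthType missing. */
    struct dir_auth d = { NULL, "Private Area", 1 };
    const char *err = check_dir_auth(&d);

    printf("config check: %s\n", err ? err : "ok");
    printf("challenge: %d\n", (int)pick_challenge(&d));
    return 0;
}
```

The run-time guard stays necessary even with the config check in place, since a module can still call the failure path on a request whose directory has no AuthType.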
