httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sterling <>
Subject Re: [PATCH] apache core dumps if you call ap_note_basic_auth_failure when auth type is null
Date Wed, 21 Nov 2001 05:31:05 GMT
On Tue, 20 Nov 2001, Doug MacEachern wrote:

> On Tue, 20 Nov 2001, sterling wrote:
> > Hi -
> >
> > Set up an auth directory without AuthType but with require valid-user and
> > AuthName and load an auth module that uses ap_note_basic_auth_failure...
> > el kabong!! this patch stops the coro dumpo.
> this has bitten others in 1.x too.  ended up adding protection in the
> modperl wrapper functions.  i applied a slightly different version to
> prevent the same problem in ap_note_auth_failure().  and also changed
> if (type && strcasecmp(ap_auth_type(r), "Basic"))
>  to
> if (!type || ...)
> cause i don't think it should set the *-Authenticate header if there is no
> AuthType configured, right?  or maybe ap_auth_type() should default to
> Basic?

Yeah -

I pondered that for a bit... We should probably log an error (like bloom
suggested) so the user is aware of the misconfiguration, and then send
none of the headers (like your patch does).

I don't think we should default to Basic.


View raw message