Return-Path: Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 15628 invoked by uid 500); 21 Nov 2001 04:30:17 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 15616 invoked from network); 21 Nov 2001 04:30:17 -0000 X-Authentication-Warning: localhost.localdomain: sterling owned process doing -bs Date: Tue, 20 Nov 2001 21:31:05 -0800 (PST) From: sterling X-X-Sender: To: Subject: Re: [PATCH] apache core dumps if you call ap_note_basic_auth_failure when auth type is null In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N On Tue, 20 Nov 2001, Doug MacEachern wrote: > On Tue, 20 Nov 2001, sterling wrote: > > > Hi - > > > > Set up an auth directory without AuthType but with require valid-user and > > AuthName and load an auth module that uses ap_note_basic_auth_failure... > > el kabong!! this patch stops the coro dumpo. > > this has bitten others in 1.x too. ended up adding protection in the > modperl wrapper functions. i applied a slightly different version to > prevent the same problem in ap_note_auth_failure(). and also changed > if (type && strcasecmp(ap_auth_type(r), "Basic")) > to > if (!type || ...) > cause i don't think it should set the *-Authenticate header if there is no > AuthType configured, right? or maybe ap_auth_type() should default to > Basic? > Yeah - I pondered that for a bit... We should probably log an error (like bloom suggested) so the user is aware of the misconfiguration, and then send none of the headers (like your patch does). I don't think we should default to Basic. sterling