httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregory (Grisha) Trubetskoy" <>
Subject mod_auth.c bug?
Date Wed, 08 Oct 2003 00:58:12 GMT

This is in httpd 2.0, I don't know whether a variation of the same problem
exists in 2.1.

In check_user_access(), we have

    char *user = r->user;

Then down below:

                if (!strcmp(user, w)) {

Without checking that user is not NULL. Under normal use this probably
never happens, but if another module handles the check_user_id, returns OK
but neglects to set r->user, AND there exists a "require user ..."
directive, the above will segfault. This is a situation possible to run
into if you're using mod_python (and probably the other mod_*'s as well)
for authentication.

There should probably be something like this somewhere at the top of

    if (!user) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "access to %s failed, reason: r->user is not set!",

Another option would be to check for existense or r->user after
ap_run_check_user_id() calls in server/request.c.

I'm not sure what the right option is, so I'll leave it to the good people
more familiar with authentication :-)


View raw message