httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregory (Grisha) Trubetskoy" <gri...@apache.org>
Subject Re: [PATCH] Re: mod_auth.c bug?
Date Wed, 08 Oct 2003 18:25:05 GMT


On a second thought, a more efficient variation would be this, since there
is no need to loop through what is after "user" if we don't have a r->user
to compare anything with:


--- modules/aaa/mod_auth.c  Wed Oct  8 13:36:49 2003
+++ modules/aaa/mod_auth.c        Wed Oct  8 13:30:19 2003
@@ -289,7 +289,7 @@
         if (!strcmp(w, "valid-user")) {
             return OK;
         }
-        if (!strcmp(w, "user")) {
+        if (user && !strcmp(w, "user")) {
             while (t[0]) {
                 w = ap_getword_conf(r->pool, &t);
                 if (!strcmp(user, w)) {




On Wed, 8 Oct 2003, Gregory (Grisha) Trubetskoy wrote:

>
> On Tue, 7 Oct 2003, Dirk-Willem van Gulik wrote:
>
> > Actualy I'd be happier if the strcmp() would becomce
> >
> > 	if (user && !strcmp(r->user,user)
>
> Well here is a patch then. I tested it on 2.0.47 (mod_auth.c hasn't
> changed since (at least)).
>
> This patch prevents a segfault in cases where a module handles the
> check_user_id, returns OK but neglects to set r->user, AND there exists a
> "require user ..." directive.
>
> --- modules/aaa/mod_auth.c  Wed Oct  8 13:36:49 2003
> +++ modules/aaa/mod_auth.c        Wed Oct  8 13:30:19 2003
> @@ -292,7 +292,7 @@
>          if (!strcmp(w, "user")) {
>              while (t[0]) {
>                  w = ap_getword_conf(r->pool, &t);
> -                if (!strcmp(user, w)) {
> +                if (user && !strcmp(user, w)) {
>                      return OK;
>                  }
>              }
>
>

Mime
View raw message