httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject [1.3 PATCH] mod_digest: ap_auth_nonce returns diff value between calls
Date Wed, 02 Mar 2005 15:43:36 GMT
Followup to a fix for PR 30920 , when ap_auth_nonce builds a string to
be hashed later by ap_md5 it's picking up some transient data (maybe
dipping into parts of the remote sockaddr_in) instead of the local ip
address.

 %pI is expecting the entire sockaddr_in struct to format and pokes
around at some stuff that changes more often (which can be between
generating the nonce and checking the nonce).

http_core.c:563

-    return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
+    return ap_psprintf(r->pool,"%pA%pp%pp%pp%pp",
            &r->connection->local_addr.sin_addr

Or if host:port is preferable,

     return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
-           &r->connection->local_addr.sin_addr,
+           &r->connection->local_addr

I've attached the former (IP address only) as a patch

--
Eric Covener
covener@gmail.com

Mime
View raw message