httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: [1.3 PATCH] mod_digest: ap_auth_nonce returns diff value between calls
Date Thu, 03 Mar 2005 11:11:58 GMT
On Wed, 2 Mar 2005 10:43:36 -0500, Eric Covener <covener@gmail.com> wrote:
> Followup to a fix for PR 30920 , when ap_auth_nonce builds a string to
> be hashed later by ap_md5 it's picking up some transient data (maybe
> dipping into parts of the remote sockaddr_in) instead of the local ip
> address.
> 
>  %pI is expecting the entire sockaddr_in struct to format and pokes
> around at some stuff that changes more often (which can be between
> generating the nonce and checking the nonce).
> 
> http_core.c:563
> 
> -    return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
> +    return ap_psprintf(r->pool,"%pA%pp%pp%pp%pp",
>             &r->connection->local_addr.sin_addr

I suppose it is more likely Dirk paid attention to the separate
parameter than to the format string.  I've added this patch to the 1.3
STATUS file with my +1.

Thanks,

Jeff

Mime
View raw message