>Number: 1824 >Category: os-irix >Synopsis: problem with uudecode() when optimizations turned on >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Feb 17 11:00:00 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.5 >Environment: IRIX 6.2, 64-bit Compiler version 6.2 Compiler options: -Iregex -O2 -n32 -DIRIX -DSTATUS >Description: The uudecode() function seems to fail for some authorization strings when the optimization level is set to "-O2". uudecode() only returns the user id and the first four letters of the decoded password entry. This causes the authorization attempt to fail even if the user enters the correct password. >How-To-Repeat: Create both a group and a password file. The group file contains one group entry with three users. Use a require-group to reference this group entry. Try accessing the directory protected by the directive using the id of the second of the three users in the group entry. >Fix: In the course of trying to track this down I found that putting in fprintf()s in the uudecode() function caused the in correct behavior to cease. I suspect that it is either stack-related in the code or the compiler. Turning off the optimizations also "cured" the incorrect behavior. I have not tried it using newer compilers >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
