actually this bug happened over 5 years ago ...

However, try a standard installation and put a single "Satisfy Any" into 
the DocumentRoot's Directory section. If you then try to access 
http://localhost: in 1.3 you'll get a weird 500 without an errorlog 
message. In 2.x you'll lose all MIME and handler information (in fact it 
won't be set).

I've attached patches for 1.3, 2.0 and 2.1, which all do the same. They 
remove the bogus !auth_type check for the access_checker run.
Since it's a sensitive area, some review would be appreciated.

nd
-- 
sub the($){+shift} sub answer (){ord q
        [* It is always 42! *]       }
           print the answer
# André Malo # http://pub.perlig.de/ #
Index: server/request.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/request.c,v
retrieving revision 1.123
diff -u -r1.123 request.c
--- server/request.c    23 Jan 2003 21:34:13 -0000      1.123
+++ server/request.c    27 Jan 2003 01:22:05 -0000
@@ -251,8 +251,7 @@
             break;
 
         case SATISFY_ANY:
-            if (((access_status = ap_run_access_checker(r)) != 0)
-                || !ap_auth_type(r)) {
+            if (((access_status = ap_run_access_checker(r)) != 0)) {
                 if (!ap_some_auth_required(r)) {
                     return decl_die(access_status, ap_auth_type(r)
                                   ? "check access"
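Review bot: The reason for dropping `|| !ap_auth_type(r)` from the `case SATISFY_ANY:` condition is not recorded in the code, so the check could easily be reintroduced later. With it gone, the block is entered only when `ap_run_access_checker(r)` returns non-zero, so a request that passes the access checker with no auth type set, and for which `ap_some_auth_required(r)` is false, no longer reaches `decl_die(access_status, ...)` with a status of 0. A short comment above the `if` saying that a successful access check alone satisfies the request, whether or not an auth type is configured, would document that. The new line also keeps a redundant pair of parentheses: `if (((access_status = ap_run_access_checker(r)) != 0)) {` can be written as `if ((access_status = ap_run_access_checker(r)) != 0) {`.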
Index: server/request.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/request.c,v
retrieving revision 1.121.2.1
diff -u -r1.121.2.1 request.c
--- server/request.c    23 Dec 2002 09:03:55 -0000      1.121.2.1
+++ server/request.c    27 Jan 2003 01:25:33 -0000
@@ -242,8 +242,7 @@
             break;
 
         case SATISFY_ANY:
-            if (((access_status = ap_run_access_checker(r)) != 0)
-                || !ap_auth_type(r)) {
+            if (((access_status = ap_run_access_checker(r)) != 0)) {
                 if (!ap_some_auth_required(r)) {
                     return decl_die(access_status, ap_auth_type(r)
                                   ? "check access"
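Review bot: The file header of this diff names the same RCS file as the previous one, `/home/cvs/httpd-2.0/server/request.c,v`, and differs only in the revision (1.121.2.1 here, 1.123 there), so the patch itself does not say which of the 2.0 and 2.1 trees each diff is meant for. Stating the target branch alongside each attachment would avoid applying one to the wrong tree. The `SATISFY_ANY` change is line-for-line identical in both request.c diffs, so any follow-up made to one should be made to the other to keep the branches from drifting.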
Index: src/main/http_request.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_request.c,v
retrieving revision 1.166
diff -u -r1.166 http_request.c
--- src/main/http_request.c     21 May 2002 12:50:09 -0000      1.166
+++ src/main/http_request.c     27 Jan 2003 01:22:24 -0000
@@ -1267,7 +1267,7 @@
         }
         break;
     case SATISFY_ANY:
-        if (((access_status = ap_check_access(r)) != 0) || !ap_auth_type(r)) {
+        if (((access_status = ap_check_access(r)) != 0)) {
             if (!ap_some_auth_required(r)) {
                 decl_die(access_status ? access_status :
                         HTTP_INTERNAL_SERVER_ERROR,
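Review bot: With `|| !ap_auth_type(r)` removed from the `SATISFY_ANY` condition, `access_status` is always non-zero inside this block, so the fallback in `decl_die(access_status ? access_status : HTTP_INTERNAL_SERVER_ERROR,` can no longer be selected on this path. Either simplify the argument to plain `access_status` in the same change, or add a comment that the fallback is now defensive only, so a later reader does not assume a zero status is still expected here.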
