> Without checking that user is not NULL. Under normal use this probably
> never happens, but if another module handles the check_user_id, returns OK
> but neglects to set r->user, AND there exists a "require user ..."
Which is not uncommon in some commercial models which will fill out the
data later in the chain.. (or because they do not have the concept of a
single uid style 'user' yet use the auth handler).
> directive, the above will segfault. This is a situation possible to run
..
> if (!user) {
> ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
> "access to %s failed, reason: r->user is not set!",
> r->uri);
> return HTTP_INTERNAL_SERVER_ERROR;
> }
Actualy I'd be happier if the strcmp() would becomce
if (user && !strcmp(r->user,user)
as that does not break existing modules -and- keeps the semantics of
"require user" to be functional. On the other hand - this is in the 2.x
branch - so you could argue that r->user MUST be filled out by auth
modules (even if they do not really have the concept of a user!) if they
return OK. _IF_ you document that - then by all means - the above
HTTP_INTERNAL_SERVER_ERROR is the right thing to do.
Dw.
