[PATCH] Re: mod_auth.c bug?

Gregory (Grisha) Trubetskoy Wed, 08 Oct 2003 10:46:49 -0700

On Tue, 7 Oct 2003, Dirk-Willem van Gulik wrote:

> Actualy I'd be happier if the strcmp() would becomce
>
>       if (user && !strcmp(r->user,user)


Well here is a patch then. I tested it on 2.0.47 (mod_auth.c hasn't
changed since (at least)).

This patch prevents a segfault in cases where a module handles the
check_user_id, returns OK but neglects to set r->user, AND there exists a
"require user ..." directive.

--- modules/aaa/mod_auth.c  Wed Oct  8 13:36:49 2003
+++ modules/aaa/mod_auth.c        Wed Oct  8 13:30:19 2003
@@ -292,7 +292,7 @@
         if (!strcmp(w, "user")) {
             while (t[0]) {
                 w = ap_getword_conf(r->pool, &t);
-                if (!strcmp(user, w)) {
+                if (user && !strcmp(user, w)) {
                     return OK;
                 }
             }

[PATCH] Re: mod_auth.c bug?

Reply via email to