DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=31898>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31898 Potential crash in util_ldap_cache_checkuserid ------- Additional Comments From [EMAIL PROTECTED] 2004-10-28 12:49 ------- You are right that it would prevent util_ldap_cache_checkuserid() from adding NULL passwords. But like you said, nothing stops other modules from adding them. The real story behind this thing is that I have made some changes (See bug 28253) to enable LDAP authorization when a user is authenticated with some other module and that code adds cache entries without password (in my case token authentication, no passwords sent over the network). But even without the NULL password issue, I think the duplicate checking at line 945 of v2.0.52 util_ldap.c is flawed because if it finds a cache entry where the dn or password does not match the entry to be added, it will just add the new entry without removing the existing one. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
