DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=31898>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31898 Potential crash in util_ldap_cache_checkuserid ------- Additional Comments From [EMAIL PROTECTED] 2004-11-01 14:32 ------- The comment about password verifying on line 983 of the patched v2.1 util_ldap.c should probably be removed. Otherwise your util_ldap_cache_getuserdn() looks pretty much the same as my version of the same function for Apache 2.0.52. In my version of mod_auth_ldap_auth_checker() I check that the request has a username before starting to create the req structure. Not sure if this affects the end result (failing authorization) but it should make troubleshooting easier: *************** *** 529,534 **** --- 529,541 ---- * and populated with the userid and DN of the account in LDAP */ + /* Check that we have a userid to start with */ + if ((!r->user) || (strlen(r->user) == 0)) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r, + "ldap authorize: Userid is blank, AuthType=%s", + r->ap_auth_type); + } + if(!req) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, "ldap authorize: Creating LDAP req structure"); On line 912 of patched v2.1 util_ldap.c there is this code: if ((search_nodep == NULL) || (strcmp(*binddn, search_nodep->dn) != 0)) { /* Nothing in cache, insert new entry */ util_ald_cache_insert(curl->search_cache, &the_search_node); Shouldn't the existing cache entry be removed before if the dn of the cache entry does not match dn of the ldap search result ? Otherwise this will insert a duplicate entry in the cache. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
