Nicolas, Thanks for the bug report. This is now fixed in the svn trunk. -Phil
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Clemeur Sent: Saturday, November 03, 2007 12:16 AM To: [email protected] Subject: mod_auth_cas bug? Hello, I think I have found a problem in the way mod_auth_cas is parsing the url to retrieve the ticket. If you look at the getCASTicket function. You'll see the code below: /* tokenize on & to find the 'ticket' parameter */ ticket = apr_strtok(args, "&", &tokenizerCtx); do { if(strncmp(ticket, "ticket=", 7) == 0) { ticketFound = TRUE; /* skip to the meat of the parameter (the value after the '=') */ ticket += 7; rv = apr_pstrdup(r->pool, ticket); break; } ticket = apr_strtok(NULL, "&", &tokenizerCtx); /* no more parameters */ if(ticket == NULL) break; } while (ticketFound == FALSE); This code fails with a seg fault if the url is ended with a "?" but has no parameters (as an example, http://www.ja-sig.org/issues/secure/IssueNavigator.jspa? would fail if mod_auth_cas was used) I have just fix that problem with the following code: ticket = apr_strtok(args, "&", &tokenizerCtx); while (ticket != NULL && ticketFound == FALSE) { if(strncmp(ticket, "ticket=", 7) == 0) { ticketFound = TRUE; /* skip to the meat of the parameter (the value after the '=') */ ticket += 7; rv = apr_pstrdup(r->pool, ticket); break; } ticket = apr_strtok(NULL, "&", &tokenizerCtx); } Best regards, Nicolas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
