On Mon, Oct 09, 2006 at 09:49:26PM +0200, Helmut Grohne wrote:
> Debian: src/ne_auth.c:1358
> Upstream tarball from http://www.webdav.org/neon/: src/ne_auth.c:1204:
> 
>     else if (sess->protocol
>              && sess->protocol->flags && AUTH_FLAG_VERIFY_NON40x
>              && (status->klass == 2 || status->klass == 3)
>              && auth_hdr) {
>         ret = sess->protocol->verify(areq, sess, auth_hdr);
>     }
> 
> flags && AUTH_FLAG_VERIFY_NON40x is a typing mistake and should be
> corrected to bitwise and, as it could lead to unexpected behaviour or a
> security hole.

Thanks, this has been reported already.  By chance the code does 
actually work exactly as intended; the only cases where ->flags is 
non-zero are cases where (flags & AUTH_FLAG_VERIFY_NON40x) is true.

joe
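
The following is an added example, not part of either message and not neon's code. It shows why the logical test agrees with the bitwise one only while every non-zero flags value carries the bit. The flag values, `AUTH_FLAG_OTHER`, and the two tables are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Hypothetical values: the thread does not state the real definitions. */
#define AUTH_FLAG_VERIFY_NON40x 0x0001u
#define AUTH_FLAG_OTHER         0x0002u   /* hypothetical second flag */

/* The test as written in the quoted code: with a non-zero mask this is
 * simply "flags != 0", whatever bits are set. */
static int verify_logical(unsigned int flags, unsigned int mask)
{
    return flags && mask;
}

/* The intended test: true only when the specific bit is set. */
static int verify_bitwise(unsigned int flags, unsigned int mask)
{
    return (flags & mask) != 0;
}

/* Count entries in a table of per-protocol flags where the tests disagree. */
static int count_mismatches(const unsigned int *flags, int n)
{
    int i, bad = 0;
    for (i = 0; i < n; i++)
        if (verify_logical(flags[i], AUTH_FLAG_VERIFY_NON40x) !=
            verify_bitwise(flags[i], AUTH_FLAG_VERIFY_NON40x))
            bad++;
    return bad;
}

/* Constructed: every non-zero entry carries the bit, as the reply describes. */
static const unsigned int table_today[] = { 0, AUTH_FLAG_VERIFY_NON40x };
/* Constructed: a later protocol sets only the other flag. */
static const unsigned int table_later[] = {
    0, AUTH_FLAG_VERIFY_NON40x, AUTH_FLAG_OTHER,
    AUTH_FLAG_VERIFY_NON40x | AUTH_FLAG_OTHER
};

int main(void)
{
    printf("mismatches today: %d\n", count_mismatches(table_today, 2));
    printf("mismatches later: %d\n", count_mismatches(table_later, 4));
    return 0;
}
```
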

