Hi,
I have corrected the above bugs by removing a (stupid, imho) test in the
mod_auth_digest.c file (see the attached patch against 1.13.23).
In short, it was basically testing if whatever came after the ? was different.
I think that it is not necessary to do so (the important thing is to control
access to the file, not to check the query).
I also slightly modified the messages generated in the error log (of which there
are two copies) so that it is easier to understand where the error comes
from.
Sincerely
Amaury
PS: if anybody thinks testing the contents of the query was important, please
tell me.
--- mod_auth_digest.c.old Mon Mar 4 11:56:37 2002
+++ mod_auth_digest.c Mon Mar 4 12:21:10 2002
@@ -1663,7 +1663,7 @@
if (r->method_number == M_CONNECT) {
if (strcmp(resp->uri, r_uri.hostinfo)) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: uri mismatch - <%s> does not match "
+ "Digest (1): uri mismatch - <%s> does not match "
"request-uri <%s>", resp->uri, r_uri.hostinfo);
return BAD_REQUEST;
}
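Review bot: The "(1)" tag added to the log string in the M_CONNECT branch is opaque to anyone reading the error log without the source open. Since this branch compares resp->uri against r_uri.hostinfo, a descriptive label such as "Digest: CONNECT uri mismatch" would tell the operator which comparison failed and would stay meaningful if the checks are later reordered or a third one is added.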
@@ -1685,12 +1685,15 @@
&& !(d_uri.path && !r_uri.path && resp->psd_request_uri->hostname
&& d_uri.path[0] == '*' && d_uri.path[1] == '\0'))
/* check that query matches */
+ /* heh, this does not make any sense... */
+ /*
|| (d_uri.query != r_uri.query
&& (!d_uri.query || !r_uri.query
|| strcmp(d_uri.query, r_uri.query)))
+ */
) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: uri mismatch - <%s> does not match "
+ "Digest (2): uri mismatch - <%s> does not match "
"request-uri <%s>", resp->uri, resp->raw_request_uri);
return BAD_REQUEST;
}
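Review bot: Commenting out the d_uri.query / r_uri.query comparison means a request whose query string differs from the one in the Digest uri no longer returns BAD_REQUEST, so a digest response computed for one query on a path is accepted for any other query on that path. That matters wherever the query selects the action or resource (for example a CGI script), because the digest then no longer binds the credentials to what is actually being requested. If a specific client produces a legitimate mismatch, it would be safer to narrow the check to that case or normalise both query strings before strcmp than to drop the check entirely. The retained "/* check that query matches */" comment is now stale, and "heh, this does not make any sense..." does not record why the test was disabled; if the check does go, delete the block rather than leaving it commented out and put the reasoning in the commit message. As in the first hunk, "(2)" would read better as a description of the comparison that failed.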