This is in httpd 2.0, I don't know whether a variation of the same problem
exists in 2.1.
In check_user_access(), we have

    char *user = r->user;

Then down below:

    if (!strcmp(user, w)) {

Without checking that user is not NULL. Under normal use this probably
never happens, but if another module handles the check_user_id, returns OK
but neglects to set r->user, AND there exists a "require user ..."
directive, the above will segfault. This is a situation possible to run
into if you're using mod_python (and probably the other mod_*'s as well)
for authentication.
There should probably be something like this somewhere at the top of
check_user_access():

    if (!user) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "access to %s failed, reason: r->user is not set!",
                      r->uri);
        return HTTP_INTERNAL_SERVER_ERROR;
    }

Another option would be to check for existence of r->user after
ap_run_check_user_id() calls in server/request.c.
I'm not sure what the right option is, so I'll leave it to the good people
more familiar with authentication :-)
Grisha
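
Added example (not part of the original message and not httpd source code): a stand-alone C model of the failure mode described above, where an authentication hook returns OK without setting r->user and a "require user ..." check then runs with the proposed NULL guard in place. The struct, the function names prefixed `model_`, the two hook functions and the sample user names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { OK = 0, DECLINED = -1, HTTP_UNAUTHORIZED = 401, HTTP_INTERNAL_SERVER_ERROR = 500 };

/* Hypothetical stand-in for the two request_rec fields used here. */
struct model_request { const char *uri; const char *user; };

/* Models an authentication hook that returns OK but never sets r->user. */
static int forgetful_check_user_id(struct model_request *r) { (void)r; return OK; }

/* Models a hook that records the authenticated user (constructed name). */
static int proper_check_user_id(struct model_request *r) { r->user = "alice"; return OK; }

/* Models check_user_access() for one requirement line, with the guard at the top. */
static int model_check_user_access(const struct model_request *r, const char *line)
{
    if (!r->user) {   /* without this, the comparison below dereferences NULL */
        fprintf(stderr, "access to %s failed, reason: r->user is not set!\n", r->uri);
        return HTTP_INTERNAL_SERVER_ERROR;
    }
    /* First word must be exactly "user" (followed by blank, tab or end of line). */
    if (strncmp(line, "user", 4) != 0 || !strchr(" \t", line[4]))
        return DECLINED;
    const char *p = line + 4;
    size_t ulen = strlen(r->user);
    while (*(p += strspn(p, " \t")) != '\0') {   /* walk the listed user names */
        size_t n = strcspn(p, " \t");
        if (n == ulen && memcmp(p, r->user, n) == 0)
            return OK;
        p += n;
    }
    return HTTP_UNAUTHORIZED;
}

/* Runs the authentication hook, then the access check, in request order. */
static int model_request_status(int (*auth)(struct model_request *), const char *line)
{
    struct model_request r = { "/private/", NULL };
    int rc = auth(&r);
    return rc != OK ? rc : model_check_user_access(&r, line);
}

int main(void)
{
    printf("forgetful hook: %d\n", model_request_status(forgetful_check_user_id, "user alice bob"));
    printf("proper hook:    %d\n", model_request_status(proper_check_user_id, "user alice bob"));
    return 0;
}
```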