On a second thought, a more efficient variation would be this, since there
is no need to loop through what is after "user" if we don't have a r->user
to compare anything with:
--- modules/aaa/mod_auth.c Wed Oct 8 13:36:49 2003
+++ modules/aaa/mod_auth.c Wed Oct 8 13:30:19 2003
@@ -289,7 +289,7 @@
if (!strcmp(w, "valid-user")) {
return OK;
}
- if (!strcmp(w, "user")) {
+ if (user && !strcmp(w, "user")) {
while (t[0]) {
w = ap_getword_conf(r->pool, &t);
if (!strcmp(user, w)) {
On Wed, 8 Oct 2003, Gregory (Grisha) Trubetskoy wrote:
>
> On Tue, 7 Oct 2003, Dirk-Willem van Gulik wrote:
>
> > Actualy I'd be happier if the strcmp() would becomce
> >
> > if (user && !strcmp(r->user,user)
>
> Well here is a patch then. I tested it on 2.0.47 (mod_auth.c hasn't
> changed since (at least)).
>
> This patch prevents a segfault in cases where a module handles the
> check_user_id, returns OK but neglects to set r->user, AND there exists a
> "require user ..." directive.
>
> --- modules/aaa/mod_auth.c Wed Oct 8 13:36:49 2003
> +++ modules/aaa/mod_auth.c Wed Oct 8 13:30:19 2003
> @@ -292,7 +292,7 @@
> if (!strcmp(w, "user")) {
> while (t[0]) {
> w = ap_getword_conf(r->pool, &t);
> - if (!strcmp(user, w)) {
> + if (user && !strcmp(user, w)) {
> return OK;
> }
> }
>
>
