https://bz.apache.org/bugzilla/show_bug.cgi?id=57836

Rainer Jung <rainer.j...@kippdata.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #6 from Rainer Jung <rainer.j...@kippdata.de> ---
(In reply to George Stanchev from comment #4)
> The thing is that ISAPI doesn't return null. You pass a buffer ptr and it
> fills it. In the case of absent REMOTE_USER, ISAPI sets the buffer[0]=0 and
> &size=0. So essentially the caller cannot differentiate NULL from "". But
> they are essentially the same thing. 
> 
> Alternatively the fix can go in Tomcat itself to NOT create CoyotePrincipal
> upon "" OR null string read from AJP which is also correct.
> 
> If this was my product and I was controlling it, I'd put a fix in both
> places. Given the difficulty in getting Tomcat Connector releases out, I
> would be happy to open a bug against Tomcat and get a fix there which will
> alleviate the issue.

Hi George,

docs for GetServerVariable say, the returned size is the number of bytes
including the terminating '\0' character. So an empty string should return
buffer[0] = '\0' and size 1. If you are sure, that an absent REMOTE_USER is
handled by returning size 0, I would go for the general checking for size 0 in
dup_server_value() and handle size 0 as return value NULL. Any chance you can
check that? Also any chance to verify, that the size returned by an existing
REMOTE_USER is actually the strlen of the REMOTE_USER + 1 (so including the
terminating '\0' as docs say)?

I applied the change in r1701497. Slightly related is also r1701496.

It would be great if you could also test it. Keeping issue open until fix is
confirmed.

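The size-0 check discussed in comment #6, as an added example that is not Tomcat Connector code or code from this thread: a reported size of 0 maps to NULL, while size 1 with buffer[0] = '\0' stays an empty string. The callback `mock_get_server_variable`, the helper `dup_value_or_null` and all sample values are constructed stand-ins, not the ISAPI API or the real dup_server_value().

```c
#include <stdlib.h>
#include <string.h>

#define VAR_BUF_LEN 256

/* Constructed stand-in for the server callback (hypothetical, not the ISAPI API).
 * On success it fills buf and sets *size to the number of bytes written. */
static int mock_get_server_variable(const char *name, char *buf, unsigned long *size)
{
    const char *val;
    if (strcmp(name, "REMOTE_USER") == 0) {   /* absent: behaviour reported in comment #4 */
        buf[0] = '\0';
        *size = 0;
        return 1;
    }
    if (strcmp(name, "AUTH_TYPE") == 0)       /* present but empty: behaviour the docs describe */
        val = "";
    else if (strcmp(name, "SERVER_NAME") == 0)
        val = "www.example.test";             /* constructed sample value */
    else
        return 0;                             /* unknown variable: the call fails */
    if (strlen(val) + 1 > *size)
        return 0;                             /* caller's buffer is too small */
    memcpy(buf, val, strlen(val) + 1);
    *size = (unsigned long)strlen(val) + 1;   /* count includes the terminating '\0' */
    return 1;
}

/* Returns a heap copy of the variable, or NULL when the call fails or the
 * reported size is 0 (treated as "variable absent"). The caller frees it. */
static char *dup_value_or_null(const char *name)
{
    char buf[VAR_BUF_LEN];
    unsigned long size = sizeof(buf);
    char *copy;

    if (!mock_get_server_variable(name, buf, &size))
        return NULL;
    if (size == 0 || size > sizeof(buf))      /* absent, or a size we cannot trust */
        return NULL;
    buf[size - 1] = '\0';                     /* do not rely on the callee to terminate */
    copy = malloc(size);
    if (copy != NULL)
        memcpy(copy, buf, size);
    return copy;
}
```

With this split, the receiving side can still tell "no authenticated user" (NULL) from a present but empty value, instead of seeing "" in both cases.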