Just noticed that my response to this didn't hit the list due to the BCC for [EMAIL PROTECTED] for the record:
On Mon, Oct 09, 2006 at 09:49:26PM +0200, Helmut Grohne wrote: > Upstream tarball from http://www.webdav.org/neon/: src/ne_auth.c:1204: > > else if (sess->protocol > && sess->protocol->flags && AUTH_FLAG_VERIFY_NON40x > && (status->klass == 2 || status->klass == 3) > && auth_hdr) { > ret = sess->protocol->verify(areq, sess, auth_hdr); > } > > flags && AUTH_FLAG_VERIFY_NON40x is typing mistake and should be > corrected to bitwise and, as it could lead to unexpected behaviour or a > security hole. Thanks, this has been reported already. By chance the code does actually work exactly as intended; the only cases where ->flags is non-zero are cases where (flags & AUTH_FLAG_VERIFY_NON40x) is true. joe _______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
