* src/main/http_core.c (ap_auth_nonce): Fix default nonce string to

use the socket address, rather than the address of a pointer into r->,
which changes for each connection and hence forces re-authentication
for every new connection since 1.3.31.

PR: 30920

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@105350 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/src/CHANGES b/src/CHANGES
index bf98def04768ac18e6685e238703b210c8b45201..35a2fed6753e092d0d1907e59c598c938e5a42b3 100644 (file)
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 1.3.32
 
+  *) mod_digest: Fix nonce string calculation since 1.3.31 which
+     would force re-authentication for every connection if
+     AuthDigestRealmSeed was not configure.  PR 30920.  [Joe Orton]
+
   *) Trigger an error when a LoadModule directive attempts to
      load a module which is built-in.  This is a common error when
      switching from a DSO build to a static build.

diff --git a/src/main/http_core.c b/src/main/http_core.c
index 0f9c495d03349382e941a9d1da88cbf14298e92b..75c775a6b7cf63b89509566def2b1de80fdb592d 100644 (file)
--- a/src/main/http_core.c
+++ b/src/main/http_core.c
@@ -563,8 +563,8 @@ API_EXPORT(const char *) ap_auth_nonce(request_rec *r)
      * But then again - you should use AuthDigestRealmSeed in your config
      * file if you care. So the adhoc value should do.
      */
-    return ap_psprintf(r->pool,"%pp%pp%pp%pp%pp",
-           (void *)&((r->connection->local_addr).sin_addr ),
+    return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
+           &r->connection->local_addr.sin_addr,
            (void *)ap_user_name,
            (void *)ap_listeners,
            (void *)ap_server_argv0,