From: Jim Jagielski <jim@apache.org>
Date: Tue, 9 Aug 2005 13:18:47 +0000 (+0000)
Subject: Note patch http://people.apache.org/~jim/mod_auth_ldap-2.0.patch
X-Git-Tag: 2.0.55~94
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f403f08a6176dbc0d2e2d378771728a94c9e3ec;p=thirdparty%2Fapache%2Fhttpd.git

Note patch http://people.apache.org/~jim/mod_auth_ldap-2.0.patch
which protects against bad stuff when mod_auth_ldap's check_user_id
hook doesn't complete or isn't called, but auth_checker is.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@231033 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index c8682bb88e9..91ecfb505dc 100644
--- a/STATUS
+++ b/STATUS
@@ -205,6 +205,13 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ please place SVN revisions from trunk here, so it is easy to
     identify exactly what the proposed changes are! ]
 
+    *) Prevent bad dereferencing of non-existent req struct in
+       mod_auth_ldap's mod_auth_ldap_auth_checker() if
+       mod_auth_ldap_check_user_id() was never (fully) called.
+       Similar behavior to that in 2.1/2.2.
+         http://people.apache.org/~jim/mod_auth_ldap-2.0.patch
+       +1: jim
+
     *) Correct RFC 2616 non-compliance by refusing to proxy a request body 
        in a TRACE request, unless TraceEnable extended is configured.
        Introduces TraceEnable [on|off|extended] to give the administrator