From: Jeff Trawick <trawick@apache.org>
Date: Sun, 6 Mar 2005 00:13:30 +0000 (+0000)
Subject: mod_digest: Fix another nonce string calculation issue.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e41faa35b308e069043b646952e21981028f4824;p=thirdparty%2Fapache%2Fhttpd.git

mod_digest: Fix another nonce string calculation issue.

Submitted by:  Eric Covener
Reviewed by:   trawick, jorton, jim



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@156287 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index bcde5d0ed38..d36c55301eb 100644
--- a/STATUS
+++ b/STATUS
@@ -53,11 +53,6 @@ RELEASE SHOWSTOPPERS:
 
 PROPOSED PATCHES FOR THIS RELEASE:
 
-   *) ap_auth_nonce misuse of ap_snprintf (Eric Covener patch)
-      [1.3 PATCH] mod_digest: ap_auth_nonce returns diff value between calls
-      (using the s/%pI/%pA/ proposal)
-      +1: trawick, jorton, jim
-
    *) mod_log_config: Cleanup log_header_out function to allow multiple headers
       like Set-Cookie to be logged properly. PR 27787 
         modules/loggers/mod_log_config.c: r1.116 (2.x patch - need 1.3 version)
diff --git a/src/CHANGES b/src/CHANGES
index db596aa468e..1f2cab51339 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 1.3.34
 
+  *) mod_digest: Fix another nonce string calculation issue.
+     [Eric Covener]
+
 Changes with Apache 1.3.33
 
   *) SECURITY: CAN-2004-0940 (cve.mitre.org)
@@ -11,7 +14,7 @@ Changes with Apache 1.3.32
   *) mod_rewrite: Fix query string handling for proxied URLs. PR 14518.
      [michael teitler <michael.teitler cetelem.fr>,
       Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>]
-                                                                                
+
   *) mod_rewrite: Fix 0 bytes write into random memory position.
      PR 31036. [André Malo]
 
diff --git a/src/main/http_core.c b/src/main/http_core.c
index 75c775a6b7c..628f2d169cf 100644
--- a/src/main/http_core.c
+++ b/src/main/http_core.c
@@ -563,7 +563,7 @@ API_EXPORT(const char *) ap_auth_nonce(request_rec *r)
      * But then again - you should use AuthDigestRealmSeed in your config
      * file if you care. So the adhoc value should do.
      */
-    return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
+    return ap_psprintf(r->pool,"%pA%pp%pp%pp%pp",
            &r->connection->local_addr.sin_addr,
            (void *)ap_user_name,
            (void *)ap_listeners,