From 75d68e248ac446704bf6f559ba6ef29302657311 Mon Sep 17 00:00:00 2001
From: Jim Jagielski <jim@apache.org>
Date: Tue, 13 Nov 2007 15:06:33 +0000
Subject: [PATCH] fruit... hanging low

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@594559 13f79535-47bb-0310-9956-ffa450edef68
---
 STATUS                            | 6 ------
 modules/aaa/mod_authz_groupfile.c | 5 +++++
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/STATUS b/STATUS
index c6a93318c03..dccc9894fb9 100644
--- a/STATUS
+++ b/STATUS
@@ -79,12 +79,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_authz_groupfile: don't risk crash if r->user isn't set.
-     PR 42995
-     Trunk: n/a
-     2.2.x patch: http://people.apache.org/~niq/42995.patch
-     +1: niq, covener, trawick
-
    * mod_authn_dbd: Export any additional columns queried in the SQL select
      into the environment with the name AUTHENTICATE_<COLUMN>. This brings
      mod_authn_dbd behaviour in line with mod_authnz_ldap.
diff --git a/modules/aaa/mod_authz_groupfile.c b/modules/aaa/mod_authz_groupfile.c
index 0d52c8de410..4c710507616 100644
--- a/modules/aaa/mod_authz_groupfile.c
+++ b/modules/aaa/mod_authz_groupfile.c
@@ -173,6 +173,11 @@ static int check_user_access(request_rec *r)
         return DECLINED; /* XXX change from legacy */
     }
 
+    /* If there's no user, it's a misconfiguration */
+    if (!user) {
+        return HTTP_INTERNAL_SERVER_ERROR;
+    }
+
     reqs = (require_line *)reqs_arr->elts;
 
     for (x = 0; x < reqs_arr->nelts; x++) {
-- 
2.47.2