From afef2f152f3f040d665fd1b19f30e10ed8326e18 Mon Sep 17 00:00:00 2001
From: Graham Leggett
Date: Sat, 14 Sep 2013 13:48:46 +0000
Subject: [PATCH] mod_auth_digest: Be more specific when the realm mismatches because the realm has not been specified.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1523239 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 3 +++
 docs/log-message-tags/next-number | 2 +-
 modules/aaa/mod_auth_digest.c | 10 +++++++++-
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 026428b2359..3d674a82c89 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+ *) mod_auth_digest: Be more specific when the realm mismatches because the
+ realm has not been specified. [Graham Leggett]
+
 *) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
 [Graham Leggett]
diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number
index 96633c95e71..2c7a84e8e4d 100644
--- a/docs/log-message-tags/next-number
+++ b/docs/log-message-tags/next-number
@@ -1 +1 @@
-2533
+2534
diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
index da80b7d2650..7561d8f0632 100644
--- a/modules/aaa/mod_auth_digest.c
+++ b/modules/aaa/mod_auth_digest.c
@@ -1691,7 +1691,15 @@ static int authenticate_digest_user(request_rec *r)
 return HTTP_UNAUTHORIZED;
 }
- if (strcmp(resp->realm, conf->realm)) {
+ if (!conf->realm) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02533)
+ "realm mismatch - got `%s' but no realm specified",
+ resp->realm);
+ note_digest_auth_failure(r, conf, resp, 0);
+ return HTTP_UNAUTHORIZED;
+ }
+
+ if (!resp->realm || strcmp(resp->realm, conf->realm)) {
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01788)
 "realm mismatch - got `%s' but expected `%s'",
 resp->realm, conf->realm);
-- 
2.47.3
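Review bot: Both log calls still hand `resp->realm` to `%s`, although the added `!resp->realm ||` guard treats it as possibly NULL: the new `!conf->realm` branch runs before that guard, and the 01788 branch is now also entered when the client realm is NULL. If an earlier check in authenticate_digest_user (its body starts and ends outside this hunk) already rejects a response with no realm, the guard is dead code and a short comment such as `/* resp->realm was validated when the header was parsed */` would say so; otherwise pass `resp->realm ? resp->realm : "(none)"` in both calls instead of relying on the formatter's NULL handling. Separately, a missing configured realm is a server-side configuration fault rather than a bad credential, so answering with a fresh 401 challenge invites the client to retry an authentication that cannot succeed; consider whether this branch should fail closed with `HTTP_INTERNAL_SERVER_ERROR` instead.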