Changes with Apache 2.3.3
+ *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
+
*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
*) ServerTokens now accepts 'Off' which disables sending of
return OK;
}
+ if ((conf->qop_list != NULL)
+ &&(conf->qop_list[0] != NULL)
+ &&!strcasecmp(conf->qop_list[0], "none")) {
+ /* qop is none, client must not send a nonce count */
+ if (snc != NULL) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: invalid nc %s received - no nonce count allowed when qop=none",
+ snc);
+ return !OK;
+ }
+ /* qop is none, cannot check nonce count */
+ return OK;
+ }
+
nc = strtol(snc, &endptr, 16);
if (endptr < (snc+strlen(snc)) && !apr_isspace(*endptr)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,