Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/08/08 21:00:45 UTC
DO NOT REPLY [Bug 21533] -
Apache may crash with digest authentication if sub-DocumentRoot .htaccess files override DocumentRoot .htaccess file's "Require valid-user" directive with "Require group testgroup" and the authenticated username is not listed as a member of the "testgroup" group
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21533
------- Additional Comments From truk@optonline.net 2003-08-08 19:00 -------
This bug also exists in 1.3.28. I've encountered it without using groups, just
require user in the sub-DocumentRoot will cause apache to crash. It occurs if
the sub-DocumentRoot is restricted using .htaccess or via httpd.conf.
I've debugged this somewhat and found that it is related to FancyIndexing
combined with auth digest. Here's a stack trace:
note_digest_auth_failure(request_rec * 0x00860dc0, const digest_config_struct * 0x007c5e30, digest_header_struct * 0x00000000, int 0) line 1210 + 3 bytes
digest_check_auth(request_rec * 0x00860dc0) line 1861 + 33 bytes
run_method(request_rec * 0x00860dc0, int 7, int 0) line 370 + 7 bytes
ap_check_auth(request_rec * 0x00860dc0) line 427 + 17 bytes
ap_sub_req_lookup_file(const char * 0x00864f9e, const request_rec * 0x0085dad8) line 1027 + 186 bytes
make_autoindex_entry(char * 0x00864f9e, int 1, autoindex_config_struct * 0x007b7478, request_rec * 0x0085dad8, char 78, char 65) line 1281 + 13 bytes
index_directory(request_rec * 0x0085dad8, autoindex_config_struct * 0x007b7478) line 1762 + 32 bytes
handle_autoindex(request_rec * 0x0085dad8) line 1822 + 13 bytes
ap_invoke_handler(request_rec * 0x0085dad8) line 518 + 10 bytes
process_request_internal(request_rec * 0x0085dad8) line 1324 + 9 bytes
ap_process_request(request_rec * 0x0085dad8) line 1340 + 9 bytes
child_sub_main(int 0) line 5992
child_main(int 0) line 6062 + 9 bytes
_threadstartex(void * 0x007f3a48) line 212 + 13 bytes
KERNEL32! 77e8b2d8()
note_digest_auth_failure bombs because the third parameter (digest_header_rec
*resp) is null. Here's the call to note_digest_auth_failure from
digest_check_auth:
    note_digest_auth_failure(r, conf,
        (digest_header_rec *) ap_get_module_config(r->request_config,
                                                   &digest_auth_module),
        0);
The third parameter is passed via ap_get_module_config which returns 0.
This is as far as I got. I don't know enough about
apache/mod_autoindex/mod_auth_digest to suggest a patch. I do have some
questions though. Why is FancyIndexing checking auth for sub directories while
building the index for the parent? If this is valid, why would
mod_auth_digest log an error in this case? The user hasn't even selected the
sub directory, but the log file records it like they did:
Digest: access to /webfolder/Kurt failed, reason: user kurt not allowed access
Hope this helps somewhat. I will help testing any proposed patches.
-Kurt
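
A simplified C model of the failure pattern described in this report, added here as an example; it is not Apache's code and not a proposed patch. The struct and function names are hypothetical, and it assumes the parsed digest header is stored only on the top-level request, so the slot of a sub-request created during index generation is empty.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the structures named in the report;
   these are not Apache's real definitions. */
typedef struct { const char *nonce; } digest_header;   /* parsed Authorization header */
typedef struct request {
    struct request *main;       /* parent request; NULL for the top-level request */
    digest_header  *digest_cfg; /* per-request module slot; NULL if never filled */
    const char     *uri;
} request;

/* Models the lookup quoted in the report: reads only the request's own slot. */
static digest_header *get_own_cfg(const request *r) { return r->digest_cfg; }

/* Defensive lookup: walk up to the top-level request, whose slot is assumed
   to have been filled when the Authorization header was parsed. */
static digest_header *get_main_cfg(const request *r) {
    while (r->main != NULL) r = r->main;
    return r->digest_cfg;
}

/* Failure path with a guard: returns 0 when a parsed header was available,
   -1 when it was not (instead of dereferencing a null pointer). */
static int note_failure(const request *r, const digest_header *resp,
                        char *out, size_t n) {
    if (resp == NULL) {
        snprintf(out, n, "%s: no parsed digest header", r->uri);
        return -1;
    }
    snprintf(out, n, "%s: nonce=%s", r->uri, resp->nonce);
    return 0;
}

int main(void) {
    digest_header hdr = { "constructed-nonce" };      /* constructed sample value */
    request top = { NULL, &hdr, "/webfolder/" };
    request sub = { &top, NULL, "/webfolder/Kurt" };  /* sub-request for one index entry */
    char msg[128];

    int rc = note_failure(&sub, get_own_cfg(&sub), msg, sizeof msg);
    printf("own slot:  rc=%d  %s\n", rc, msg);
    rc = note_failure(&sub, get_main_cfg(&sub), msg, sizeof msg);
    printf("main slot: rc=%d  %s\n", rc, msg);
    return 0;
}
```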