You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by dg...@hyperreal.org on 1998/01/20 01:07:24 UTC

cvs commit: apachen/src/main http_protocol.c

dgaudet     98/01/19 16:07:23

  Modified:    .        STATUS
               src      CHANGES
               src/main http_protocol.c
  Log:
  basic auth token should be tested case-insensitive
  
  PR:		1666
  Submitted by:	Ronald.Tschalaer@psi.ch
  Reviewed by:	Dean Gaudet, Martin Kraemer, Ken Coar
  
  Revision  Changes    Path
  1.98      +1 -0      apachen/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /export/home/cvs/apachen/STATUS,v
  retrieving revision 1.97
  retrieving revision 1.98
  diff -u -r1.97 -r1.98
  --- STATUS	1998/01/18 10:36:57	1.97
  +++ STATUS	1998/01/20 00:07:18	1.98
  @@ -87,6 +87,7 @@
       * Martin's [PORT] Make apache compile & run on an EBCDIC mainframe
       * Martin's [PATCH] mod_speling [300] Multiple Choices bug (Take 2)
       * Dean's [PATCH] protect the environment
  +    * general/1666: Apache uses a case sensitive match for "Basic" auth scheme
   
   Available Patches:
   
  
  
  
  1.567     +3 -0      apachen/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.566
  retrieving revision 1.567
  diff -u -r1.566 -r1.567
  --- CHANGES	1998/01/14 21:01:06	1.566
  +++ CHANGES	1998/01/20 00:07:20	1.567
  @@ -1,5 +1,8 @@
   Changes with Apache 1.3b4
   
  +  *) "basic" auth needs a case-insensitive comparison.
  +     [Ronald.Tschalaer@psi.ch] PR#1666
  +
     *) For maximum portability, the environment passed to CGIs should
        only contain variables whose names match the regex
        /[a-zA-Z][a-zA-Z0-9_]*/.  This is now enforced by stamping
  
  
  
  1.175     +1 -1      apachen/src/main/http_protocol.c
  
  Index: http_protocol.c
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/main/http_protocol.c,v
  retrieving revision 1.174
  retrieving revision 1.175
  diff -u -r1.174 -r1.175
  --- http_protocol.c	1998/01/13 23:11:12	1.174
  +++ http_protocol.c	1998/01/20 00:07:22	1.175
  @@ -943,7 +943,7 @@
           return AUTH_REQUIRED;
       }
   
  -    if (strcmp(getword(r->pool, &auth_line, ' '), "Basic")) {
  +    if (strcasecmp(getword(r->pool, &auth_line, ' '), "Basic")) {
           /* Client tried to authenticate using wrong auth scheme */
           aplog_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                       "client used wrong authentication scheme: %s", r->uri);