You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Aram Mirzadeh <aw...@qosina.com> on 1996/06/23 03:11:15 UTC
WWW Form Bug Report: "Basic Auth passwords strip leading colon" on Linux (fwd)
-----BEGIN PGP SIGNED MESSAGE-----
No ack. I don't see the bug though.
<Aram>
osm@interguide.com said:
> From nobody@hyperreal.com Fri Jun 21 20:15:11 1996
> Message-Id: <19...@taz.hyperreal.com>
> From: osm@interguide.com
> To: awm@qosina.com
> Date: Fri Jun 21 17:15:19 1996
> Subject: WWW Form Bug Report: "Basic Auth passwords strip leading colon" on Linux
>
> Submitter: osm@interguide.com
> Operating system: Linux, version:
> Version of Apache Used: 1.1b4
> Extra Modules used:
> URL exhibiting problem:
>
> Symptoms:
> --
> get_basic_auth_pw() uses getword() to parse out
> the password from the incoming auth information.
> This strips all leading colons from the password
> field. The following patch solves the problem.
>
> *** http_protocol.c Fri Jun 21 19:36:41 1996
> --- http_protocol.c-dist Mon Jun 17 16:55:25 1996
> ***************
> *** 582,588 ****
> }
>
> t = uudecode (r->pool, auth_line);
> ! r->connection->user = getword_nulls (r->pool, &t, ':');
> r->connection->auth_type = "Basic";
>
> *pw = t;
> --- 582,588 ----
> }
>
> t = uudecode (r->pool, auth_line);
> ! r->connection->user = getword (r->pool, &t, ':');
> r->connection->auth_type = "Basic";
>
> *pw = t;
>
> --
>
> Backtrace:
> --
>
> --
>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQB1AwUBMcxvglWXWBJqmdlFAQGUnAL/Zvj4Kg8aaHSumT53epkAOJ9LMEM6Ea7t
aAYsxE8DKC0QZbZykAR9U07nLqMLtJUl3uOC/KQ/9ErSJdcTyaLWW9x3ufI+Dtov
xtHvTg7CBNm0cE6yj6FztRp/BuaPaA/v
=Lae5
-----END PGP SIGNATURE-----