[1.3 PATCH] mod_digest: ap_auth_nonce returns diff value between calls

[Eric Covener <co...@gmail.com>]

Followup to a fix for PR 30920 , when ap_auth_nonce builds a string to
be hashed later by ap_md5 it's picking up some transient data (maybe
dipping into parts of the remote sockaddr_in) instead of the local ip
address.

 %pI is expecting the entire sockaddr_in struct to format and pokes
around at some stuff that changes more often (which can be between
generating the nonce and checking the nonce).

http_core.c:563

-    return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
+    return ap_psprintf(r->pool,"%pA%pp%pp%pp%pp",
            &r->connection->local_addr.sin_addr

Or if host:port is preferable,

     return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
-           &r->connection->local_addr.sin_addr,
+           &r->connection->local_addr

I've attached the former (IP address only) as a patch

--
Eric Covener
covener@gmail.com

Re: [1.3 PATCH] mod_digest: ap_auth_nonce returns diff value between calls

[Jeff Trawick <tr...@gmail.com>]

On Wed, 2 Mar 2005 10:43:36 -0500, Eric Covener <co...@gmail.com> wrote:
> Followup to a fix for PR 30920 , when ap_auth_nonce builds a string to
> be hashed later by ap_md5 it's picking up some transient data (maybe
> dipping into parts of the remote sockaddr_in) instead of the local ip
> address.
> 
>  %pI is expecting the entire sockaddr_in struct to format and pokes
> around at some stuff that changes more often (which can be between
> generating the nonce and checking the nonce).
> 
> http_core.c:563
> 
> -    return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
> +    return ap_psprintf(r->pool,"%pA%pp%pp%pp%pp",
>             &r->connection->local_addr.sin_addr

I suppose it is more likely Dirk paid attention to the separate
parameter than to the format string.  I've added this patch to the 1.3
STATUS file with my +1.

Thanks,

Jeff