Posted to dev@httpd.apache.org by Eric Covener <co...@gmail.com> on 2005/03/02 16:43:36 UTC
[1.3 PATCH] mod_digest: ap_auth_nonce returns diff value between calls
Followup to a fix for PR 30920, when ap_auth_nonce builds a string to
be hashed later by ap_md5 it's picking up some transient data (maybe
dipping into parts of the remote sockaddr_in) instead of the local IP
address.

%pI is expecting the entire sockaddr_in struct to format and pokes
around at some stuff that changes more often (which can be between
generating the nonce and checking the nonce).

http_core.c:563

- return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
+ return ap_psprintf(r->pool,"%pA%pp%pp%pp%pp",
&r->connection->local_addr.sin_addr
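Review bot: the `%pA` on the `+` line is only correct because the first argument, `&r->connection->local_addr.sin_addr`, is a pointer to the in_addr member, and nothing at the call site records that pairing. Add a one-line comment above the ap_psprintf call saying that `%pA` takes the in_addr while `%pI` needs the whole sockaddr_in, so a later edit does not reintroduce the mismatch. The log message should also say that the nonce input is now the local IP address only, without the port.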
Or if host:port is preferable,
return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
- &r->connection->local_addr.sin_addr,
+ &r->connection->local_addr
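Review bot: the `+` line drops the trailing comma that the `-` line had, while the format string still carries four `%pp` conversions, so more arguments must follow and this variant will not compile as written. It should read `&r->connection->local_addr,`. If this host:port form is the one that gets committed, say so in the log message, since it puts the listening port into the string that is hashed into the nonce and the attached variant does not.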
I've attached the former (IP address only) as a patch.
--
Eric Covener
covener@gmail.com
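
The format/argument mismatch described in the message above, as an added example that is not part of the original post or of Apache's code: toy `%pA` and `%pI` formatters show which bytes a sockaddr_in formatter reads when it is handed a pointer to `sin_addr`. The names `demo_conn`, `fmt_pA`, `fmt_pI`, `fmt_pI_mistyped` and `demo` are hypothetical, the address is constructed, and the usual layout (`sin_port` at offset 2, `sin_addr` at offset 4) is assumed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct demo_conn { struct sockaddr_in local_addr; }; /* hypothetical, not conn_rec */
enum { PA_ON_SIN_ADDR, PI_ON_SOCKADDR, PI_ON_SIN_ADDR };

/* Toy "%pA": struct in_addr -> "a.b.c.d" */
static void fmt_pA(char *out, size_t n, const struct in_addr *a) {
    unsigned h = ntohl(a->s_addr);
    snprintf(out, n, "%u.%u.%u.%u", h >> 24, (h >> 16) & 255, (h >> 8) & 255, h & 255);
}

/* Toy "%pI": struct sockaddr_in -> "a.b.c.d:port" */
static void fmt_pI(char *out, size_t n, const struct sockaddr_in *sa) {
    char ip[16];
    fmt_pA(ip, sizeof ip, &sa->sin_addr);
    snprintf(out, n, "%s:%u", ip, (unsigned)ntohs(sa->sin_port));
}

/* The mismatch: bytes from sin_addr onward, copied in bounds, read as a sockaddr_in. */
static void fmt_pI_mistyped(char *out, size_t n, const struct demo_conn *c) {
    struct sockaddr_in view = {0};
    size_t off = offsetof(struct demo_conn, local_addr.sin_addr);
    memcpy(&view, (const unsigned char *)c + off, sizeof *c - off);
    fmt_pI(out, n, &view);
}

/* Constructed local address 192.0.2.10:80; `pad` fills the sin_zero padding bytes. */
static const char *demo(int mode, int pad) {
    static char out[64];
    struct demo_conn c = {0};
    c.local_addr.sin_family = AF_INET;
    c.local_addr.sin_port = htons(80);
    inet_pton(AF_INET, "192.0.2.10", &c.local_addr.sin_addr);
    memset(c.local_addr.sin_zero, pad, sizeof c.local_addr.sin_zero);
    if (mode == PA_ON_SIN_ADDR) fmt_pA(out, sizeof out, &c.local_addr.sin_addr);
    else if (mode == PI_ON_SOCKADDR) fmt_pI(out, sizeof out, &c.local_addr);
    else fmt_pI_mistyped(out, sizeof out, &c);
    return out;
}

int main(void) {
    printf("%%pA on &sin_addr: %s\n", demo(PA_ON_SIN_ADDR, 0xA5));
    printf("%%pI on &sin_addr: %s\n", demo(PI_ON_SIN_ADDR, 0x00));
    printf("%%pI on &sin_addr: %s\n", demo(PI_ON_SIN_ADDR, 0xA5));
    return 0;
}
```

With this layout the mistyped call takes its port from the low two bytes of the IP address and its address from the `sin_zero` padding, so the string follows whatever the padding holds, while both correctly typed calls stay the same.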
Re: [1.3 PATCH] mod_digest: ap_auth_nonce returns diff value between calls
Posted by Jeff Trawick <tr...@gmail.com>.
On Wed, 2 Mar 2005 10:43:36 -0500, Eric Covener <co...@gmail.com> wrote:
> Followup to a fix for PR 30920, when ap_auth_nonce builds a string to
> be hashed later by ap_md5 it's picking up some transient data (maybe
> dipping into parts of the remote sockaddr_in) instead of the local IP
> address.
>
> %pI is expecting the entire sockaddr_in struct to format and pokes
> around at some stuff that changes more often (which can be between
> generating the nonce and checking the nonce).
>
> http_core.c:563
>
> - return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
> + return ap_psprintf(r->pool,"%pA%pp%pp%pp%pp",
> &r->connection->local_addr.sin_addr
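Review bot: nothing accompanies the changed ap_psprintf line to show that the reported symptom is gone, and a mismatch between a format string and its argument is easy to reintroduce. A small regression check that calls ap_auth_nonce twice for the same request and compares the two strings would cover the behaviour named in the subject line.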
I suppose it is more likely Dirk paid attention to the separate
parameter than to the format string. I've added this patch to the 1.3
STATUS file with my +1.
Thanks,
Jeff