You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Aram W. Mirzadeh" <aw...@qosina.com> on 1995/10/02 13:55:56 UTC
WWW Form Bug Report: "mod_auth_msql.c: SEGV if user has no
password" on Linux
>X-POP3-Rcpt: awm@luers.qosina.com
>From: nate@tripod.com
>To: awm@qosina.com
>Date: Sun Oct 1 3:36:10 1995
>Subject: WWW Form Bug Report: "mod_auth_msql.c: SEGV if user has no
password" on Linux
>
>Submitter: nate@tripod.com
>Operating system: Linux, version:
>Extra Modules used: mod_auth_msql
>URL exhibiting problem:
>
>Symptoms:
>--
>When using mSQL authentication, if a user who exists but has no defined
password tries to log on, httpd commits a segmentation violation and dumps
core. This is because a NULL field for a password causes NULL to be
returned by msqlFetchRow. Other than that, Apache is working beautifully.
Thanks guys! nate@tripod.com (how does one subscribe to this bug list?)
Patch follows: tribble:src: diff mod_auth_msql.c mod_auth_msql_hacked.c
180,184c180,189 < if (msqlNumRows(result) == 1) { < data =
msqlFetchRow(result); < pw = palloc (r->pool, strlen(data[0]) + 1);
< strcpy(pw,data[0]); < } --- > if ( msqlNumRows(result)
== 1) { > data = msqlFetchRow(result); > if (! data[0]) { >
log_reason ("mSQL user has no valid password", r->uri, r); > return
NULL; > } /* data[0] will be NULL if user exists but has no
password. > must check to see if data is non-NULL else SEGV
strikes. */ > pw = palloc (r->p!
> ool, strlen(data[0]) + 1); > strcpy(pw,data[0]); > }
>--
>
>Backtrace:
>--
>
>--
>
>
--
Aram W. Mirzadeh, MIS Manager, Qosina Corporation
http://www.qosina.com/~awm/, awm@qosina.com
Apache httpd server team http://www.apache.org