You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Cliff Skolnick <cl...@organic.com> on 1995/10/14 06:06:31 UTC

WWW Form Bug Report: "if no 'requires' in limit with auth in affect, get bad server response" on Solaris 2.x (fwd)

Can someone respond to this guy?

---------- Forwarded message ----------
Date: Fri Oct 13 17:50:27 1995
From: chris@nrdev.com
To: cliff@organic.com
Subject: WWW Form Bug Report: "if no 'requires' in limit with auth in affect, get bad server response" on Solaris 2.x

Submitter: chris@nrdev.com
Operating system: Solaris 2.x, version: 
Extra Modules used: 
URL exhibiting problem: 

Symptoms:
--
this may simply highlight a need for stronger access.conf parsing, or it's a bug - i don't know what 'the spec' states...  if i have (note that the 'require' statement is commented out):  <Directory /opt/apache/httpd/htdocs/special> Options Indexes FollowSymLinks MultiViews  <Limit GET> order allow,deny allow from all #require valid-user </Limit>  AuthName NetRunner Special Stuff AuthType Basic AuthUserFile /opt/apache/httpd/conf/htpasswd AuthGroupFile /opt/apache/httpd/conf/htgroup  AllowOverride All </Directory>  the server returns a document with no data (with netscape) or it crashes (with a client that i am writing).  the crash is in mod_auth.c:check_user_access().  variable reqs_arr is NULL, but is ref'd in a subsequent statement.  seems like one of two things should happen in this case:  1) during parsing of access.conf, fail because 'require'   is missing 2) assume 'require valid_user' if require is missing   but Auth* is there.
--

Backtrace:
--

--

Re: WWW Form Bug Report: "if no 'requires' in limit with auth in affect, get bad server response" on Solaris 2.x (fwd)

Posted by Brian Behlendorf <br...@organic.com>.

On Fri, 13 Oct 1995, Cliff Skolnick wrote:
> seems like one of two things should happen
> in this case:  1) during parsing of access.conf, fail because 'require' 
> is missing 2) assume 'require valid_user' if require is missing but 
> Auth* is there. 

Both reasonable suggestions.  I am starting to worry that a big usability 
problem is going to be that Apache core dumps instead of providing 
helpful comments when something in the config files is even slightly less 
than kosher.  

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  brian@hyperreal.com  http://www.[hyperreal,organic].com/