]> granicus.if.org Git - apache/commitdiff
Merge r1523239 from trunk:
authorJim Jagielski <jim@apache.org>
Tue, 17 Sep 2013 18:47:19 +0000 (18:47 +0000)
committerJim Jagielski <jim@apache.org>
Tue, 17 Sep 2013 18:47:19 +0000 (18:47 +0000)
mod_auth_digest: Be more specific when the realm mismatches because the
realm has not been specified.

Submitted by: minfrin
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1524172 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
modules/aaa/mod_auth_digest.c

diff --git a/CHANGES b/CHANGES
index fa54294e12e20768b2fe4222a150b32b8fa934fe..2f600505b9d77a997f1453818758ddfc4b71a34c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.7
 
+  *) mod_auth_digest: Be more specific when the realm mismatches because the
+     realm has not been specified. [Graham Leggett]
+
   *) mod_proxy: Add a note in the balancer manager stating whether changes
      will or will not be persisted. [Daniel Ruggeri]
 
diff --git a/STATUS b/STATUS
index 586ad3a2303b1723ca4f75485336dc6562fb7250..62dc9c51713c20935f65281271bd1e066d48cf01 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -97,12 +97,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * mod_auth_digest: Be more specific when the realm mismatches because the
-    realm has not been specified.
-    trunk: http://svn.apache.org/viewvc?view=revision&revision=1523239
-    2.4.x patch: trunk patch works, modulo CHANGES and next-number
-    +1: minfrin, druggeri, chrisd
-
   * mod_cache: Correct LOGNO which has not been updated when r1481396 was backported 
     trunk: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/mod_cache.c?r1=1481396&r2=1481395&pathrev=1481396
     2.4.x: http://people.apache.org/~jailletc36/1481396.patch
index 987e5b5b0452af702e8cd4dfc6f37ff99a34e50d..dcf1e15ba1742f70aa5df48595698476bd95cd5c 100644 (file)
@@ -1811,7 +1811,15 @@ static int authenticate_digest_user(request_rec *r)
         return HTTP_UNAUTHORIZED;
     }
 
-    if (strcmp(resp->realm, conf->realm)) {
+    if (!conf->realm) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02533)
+                      "realm mismatch - got `%s' but no realm specified",
+                      resp->realm);
+        note_digest_auth_failure(r, conf, resp, 0);
+        return HTTP_UNAUTHORIZED;
+    }
+
+    if (!resp->realm || strcmp(resp->realm, conf->realm)) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01788)
                       "realm mismatch - got `%s' but expected `%s'",
                       resp->realm, conf->realm);