Prevent segv in ap_note_basic_auth_failure() when no AuthName is configured

PR:
Obtained from:
Submitted by:	John Sterling <sterling@covalent.net>
Reviewed by:	dougm

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92072 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 0d538096158b7f31d4e73e8aa129679194aa89a9..0527f520dcb74fde3a01594cf425f3bbba8fb752 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,6 @@
 Changes with Apache 2.0.29-dev
+  *) Prevent segv in ap_note_basic_auth_failure() when no AuthName is
+     configured [John Sterling <sterling@covalent.net>]
 
   *) Fix apxs to use sbindir.  [Henri Gomez <hgomez@slib.fr>]
 

diff --git a/server/protocol.c b/server/protocol.c
index 37437b03ca7d87011eb2321b724d53e9a24e7326..ab79ec1b0e17c9606be428b7af2bb95628ce269f 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -756,15 +756,25 @@ AP_DECLARE(void) ap_finalize_request_protocol(request_rec *r)
 
 AP_DECLARE(void) ap_note_auth_failure(request_rec *r)
 {
-    if (!strcasecmp(ap_auth_type(r), "Basic"))
-        ap_note_basic_auth_failure(r);
-    else if (!strcasecmp(ap_auth_type(r), "Digest"))
-        ap_note_digest_auth_failure(r);
+    const char *type = ap_auth_type(r);
+    if (type) {
+        if (!strcasecmp(type, "Basic"))
+            ap_note_basic_auth_failure(r);
+        else if (!strcasecmp(type, "Digest"))
+            ap_note_digest_auth_failure(r);
+    }
+    /* XXX: else there is no AuthType configured
+     *      should we log an error or something ?
+     */
 }
 
 AP_DECLARE(void) ap_note_basic_auth_failure(request_rec *r)
 {
-    if (strcasecmp(ap_auth_type(r), "Basic"))
+    const char *type = ap_auth_type(r);
+    /* if there is no AuthType configure or it is something other than
+     * Basic, let ap_note_auth_failure() deal with it
+     */
+    if (!type || strcasecmp(type, "Basic"))
         ap_note_auth_failure(r);
     else
         apr_table_setn(r->err_headers_out,