outch. there are some possible NULL pointer references. Have you ever tried

AuthDigestProvider dbm? This results in a great kaboom. The patch makes
apache throw an error, if someone tries a provider, that doesn't support
the particular auth scheme.

Submitted by:	Andre Malo <nd@perlig.de>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97802 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/aaa/mod_auth_basic.c b/modules/aaa/mod_auth_basic.c
index 0ac5cf9b1d421a7816c39695c6acb0663798a30b..62251cddcee4f9215e59812a1c2091475771b127 100644 (file)
--- a/modules/aaa/mod_auth_basic.c
+++ b/modules/aaa/mod_auth_basic.c
@@ -125,6 +125,13 @@ static const char *add_authn_provider(cmd_parms *cmd, void *config,
                             newp->provider_name);
     }
 
+    if (!newp->provider->check_password) {
+        /* if it doesn't provide the appropriate function, reject it */
+        return apr_psprintf(cmd->pool,
+                            "The '%s' Authn provider doesn't support "
+                            "Basic Authentication", provider_name);
+    }
+
     /* Add it to the list now. */
     if (!conf->providers) {
         conf->providers = newp;
@@ -257,6 +264,13 @@ static int authenticate_basic_user(request_rec *r)
         if (!current_provider) {
             provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,
                                           AUTHN_DEFAULT_PROVIDER, "0");
+
+            if (!provider || !provider->check_password) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "No Authn provider configured");
+                auth_result = AUTH_GENERAL_ERROR;
+                break;
+            }
         }
         else {
             provider = current_provider->provider;

diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
index 2669fafa1b483f5bcd555e209c08c0a97d850c18..9186bfb2904513b4e8f1a3cbbe060b02e0ecbcfd 100644 (file)
--- a/modules/aaa/mod_auth_digest.c
+++ b/modules/aaa/mod_auth_digest.c
@@ -516,6 +516,13 @@ static const char *add_authn_provider(cmd_parms *cmd, void *config,
                             newp->provider_name);
     }
 
+    if (!newp->provider->get_realm_hash) {
+        /* if it doesn't provide the appropriate function, reject it */
+        return apr_psprintf(cmd->pool,
+                            "The '%s' Authn provider doesn't support "
+                            "Digest Authentication", provider_name);
+    }
+
     /* Add it to the list now. */
     if (!conf->providers) {
         conf->providers = newp;
@@ -1477,6 +1484,13 @@ static const char *get_hash(request_rec *r, const char *user,
         if (!current_provider) {
             provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,
                                           AUTHN_DEFAULT_PROVIDER, "0");
+
+            if (!provider || !provider->get_realm_hash) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "No Authn provider configured");
+                auth_result = AUTH_GENERAL_ERROR;
+                break;
+            }
         }
         else {
             provider = current_provider->provider;