From: Graham Leggett Date: Sat, 14 Sep 2013 13:48:46 +0000 (+0000) Subject: mod_auth_digest: Be more specific when the realm mismatches because the X-Git-Tag: 2.5.0-alpha~5062 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4b7e438b314757d72373e0cd8f9573c2f166e277;p=apache mod_auth_digest: Be more specific when the realm mismatches because the realm has not been specified. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1523239 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 026428b235..3d674a82c8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_auth_digest: Be more specific when the realm mismatches because the + realm has not been specified. [Graham Leggett] + *) mod_cache: Avoid a crash with strcmp() when the hostname is not provided. [Graham Leggett] diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number index 96633c95e7..2c7a84e8e4 100644 --- a/docs/log-message-tags/next-number +++ b/docs/log-message-tags/next-number @@ -1 +1 @@ -2533 +2534 diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c index da80b7d265..7561d8f063 100644 --- a/modules/aaa/mod_auth_digest.c +++ b/modules/aaa/mod_auth_digest.c @@ -1691,7 +1691,15 @@ static int authenticate_digest_user(request_rec *r) return HTTP_UNAUTHORIZED; } - if (strcmp(resp->realm, conf->realm)) { + if (!conf->realm) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02533) + "realm mismatch - got `%s' but no realm specified", + resp->realm); + note_digest_auth_failure(r, conf, resp, 0); + return HTTP_UNAUTHORIZED; + } + + if (!resp->realm || strcmp(resp->realm, conf->realm)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01788) "realm mismatch - got `%s' but expected `%s'", resp->realm, conf->realm);
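Review bot: In the modules/aaa/mod_auth_digest.c hunk, `resp->realm` can still reach a `%s` argument as NULL. The new `!conf->realm` branch logs `resp->realm` without testing it, and the rewritten condition `!resp->realm || strcmp(resp->realm, conf->realm)` enters the APLOGNO(01788) branch exactly when `resp->realm` is NULL, where it is again passed to `%s`. The added `!resp->realm` test shows that a missing realm in the response is considered possible at this point, so both log calls should handle it, for example by passing `resp->realm ? resp->realm : "(none)"`, or by giving the missing-realm case its own message and log number so it is not reported as "got ... but expected ...". The CHANGES entry describes only the unspecified-realm message; if the NULL guard on `resp->realm` is intended as a crash fix for `strcmp()`, it deserves a mention there too.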