Summary: | segmentation fault during a false request | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Petr Gajdos <pgajdos> |
Component: | mod_auth_digest | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | NEW --- | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 2.4.23 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux |
Description
Petr Gajdos
2016-08-31 15:05:09 UTC
(In reply to Petr Gajdos from comment #0) > Unfortunately I have not learned the aim of the opaque code in > note_digest_auth_failure() to be able to think about a patch. When I run > just: > > $ curl -i http://localhost:60080/index.html > > I got 401 correctly but gen_client()/add_client() is not called at all. > During the first curl command (with the opaque= in the header) these two are > called. In other words: if you look at example flow (run.sh) in: https://github.com/pgajdos/apache-rex/tree/master/mod_auth_digest-Authorization There is 'opaque=' parameter nowhere in 'Authentication-Info' header in 200-response. So I am just not sure when opaque= (~ number of client here?) parameter is sent to client; note_digest_auth_failure()'s code seems to heavily depend on its value trough resp->opaque, which is set only while parsing Authorization: header, if I understand correctly. |