mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00

* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Check username

does not contain a colon before constructing Authorization header
  for FakeBasicAuth mode. (Also constify 'user' variable.)

PR: 52644


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1815592 13f79535-47bb-0310-9956-ffa450edef68
Joe Orton
2017-11-17 17:14:32 +00:00
parent 94d90f41b2
commit 0b9b299354
2 changed files with 12 additions and 3 deletions


@@ -1181,8 +1181,7 @@ int ssl_hook_UserCheck(request_rec *r)
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
char *user;
const char *auth_line, *username, *password;
const char *user, *auth_line, *username, *password;
/*
* Additionally forbid access (again)
@@ -1258,7 +1257,14 @@ int ssl_hook_UserCheck(request_rec *r)
}
}
else {
user = (char *)sslconn->client_dn;
user = sslconn->client_dn;
}
if (ap_strchr_c(user, ':') != NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10096)
"Cannot use FakeBasicAuth for username "
"containing a colon: %s", user);
return HTTP_FORBIDDEN;
}
/*
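Review bot: The colon check added after the `else` branch carries no comment explaining why a colon is rejected, and the reason is not evident from the code alone. I would add above the `if`: `/* Basic credentials are "user:password"; a colon in the certificate-derived name would shift that split when the faked header is parsed. */`. Separately, `ap_strchr_c(user, ':')` assumes `user` is non-NULL on both paths. The SSLUserName branch and the `client_dn` setup sit above this hunk, so confirm that each either assigns a non-NULL string or returns before this check. The body of ssl_hook_UserCheck starts and ends outside the hunks shown.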