Received: (qmail 13798 invoked by uid 2012); 30 Sep 1998 09:26:21 -0000 Message-Id: <19980930092621.13797.qmail@hyperreal.org> Date: 30 Sep 1998 09:26:21 -0000 From: Edwin de Vreede Reply-To: edwin@telegraafnet.nl To: apbugs@hyperreal.org Subject: require (group|user) does not allow tabs to separete it from it arguments. X-Send-Pr-Version: 3.2 >Number: 3105 >Category: mod_access >Synopsis: require (group|user) does not allow tabs to separete it from it arguments. >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Sep 30 02:30:01 PDT 1998 >Last-Modified: Sat Oct 3 08:12:34 PDT 1998 >Originator: edwin@telegraafnet.nl >Organization: >Release: 1.3.2 >Environment: Debian Linux (2.0.35) Linux firewall 2.0.35 #5 GCC (2.7.2.(3)?) probably >Description: When the following (escaped) is put in a .htaccess file with the whitespace between group and members being a tab. require group members and sombody tries to access a document in its scope giving its correct credentials, the server will give an error like this: [Wed Sep 30 10:43:24 1998] [error] [client 127.0.0.1] access to /secured/ failed, reason: user edwin not allowed access when the tab is replaced with space(s) like this: require group members it works fine. >How-To-Repeat: Create a situation like in the Full Description >Fix: - >Audit-Trail: From: James Morris To: edwin@telegraafnet.nl Cc: apbugs@apache.org, apache-bugdb@apache.org Subject: Re: mod_access/3105: require (group|user) does not allow tabs to separete it from it arguments. Date: Thu, 1 Oct 1998 04:56:53 +1000 (EST) The module was using ap_getword with a space for a stop character, preventing it from parsing arguments to the require directive separated by tabs. The following patch seems to fix the problem by calling ap_getword_white, which uses isspace(). Index: apache-1.3/src/modules/standard/mod_auth.c =================================================================== RCS file: /cvs/apache-1.3/src/modules/standard/mod_auth.c,v retrieving revision 1.39 diff -r1.39 mod_auth.c 267c267 < w = ap_getword(r->pool, &t, ' '); --- > w = ap_getword_white(r->pool, &t); State-Changed-From-To: open-closed State-Changed-By: rse State-Changed-When: Sat Oct 3 08:12:34 PDT 1998 State-Changed-Why: This is now fixed for Apache 1.3.3 in mod_auth and mod_auth_db and mod_auth_dbm (which had the same problem). Thanks for your feedback. >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]