Commit 29908f1c authored by Jeff Trawick

mod_digest: Fix another nonce string calculation issue.

Submitted by:  Eric Covener
Reviewed by:   trawick, jorton, jim



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@156287 13f79535-47bb-0310-9956-ffa450edef68
parent e6afccd8
+0 −5
@@ -53,11 +53,6 @@ RELEASE SHOWSTOPPERS:

PROPOSED PATCHES FOR THIS RELEASE:

   *) ap_auth_nonce misuse of ap_snprintf (Eric Covener patch)
      [1.3 PATCH] mod_digest: ap_auth_nonce returns diff value between calls
      (using the s/%pI/%pA/ proposal)
      +1: trawick, jorton, jim

   *) mod_log_config: Cleanup log_header_out function to allow multiple headers
      like Set-Cookie to be logged properly. PR 27787 
        modules/loggers/mod_log_config.c: r1.116 (2.x patch - need 1.3 version)
+4 −1
Changes with Apache 1.3.34

  *) mod_digest: Fix another nonce string calculation issue.
     [Eric Covener]

Changes with Apache 1.3.33

  *) SECURITY: CAN-2004-0940 (cve.mitre.org)
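Review bot: The new entry under "Changes with Apache 1.3.34" does not say what was wrong or what an administrator would have observed. The STATUS item removed in this same commit describes the symptom as "ap_auth_nonce returns diff value between calls"; putting that symptom and the function name into the CHANGES entry would let a reader judge whether their digest-auth setup was affected. The word "another" also points at an earlier fix that the entry does not identify.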
+1 −1
@@ -563,7 +563,7 @@ API_EXPORT(const char *) ap_auth_nonce(request_rec *r)
     * But then again - you should use AuthDigestRealmSeed in your config
     * file if you care. So the adhoc value should do.
     */
    return ap_psprintf(r->pool,"%pI%pp%pp%pp%pp",
    return ap_psprintf(r->pool,"%pA%pp%pp%pp%pp",
           &r->connection->local_addr.sin_addr,
           (void *)ap_user_name,
           (void *)ap_listeners,
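Review bot: The changed ap_psprintf call in ap_auth_nonce should carry a short comment tying the first conversion to its argument type, since a mismatch of this kind compiles without complaint. The first argument is &r->connection->local_addr.sin_addr, the address of the sin_addr member (a struct in_addr) rather than of the whole local_addr; among the ap_snprintf %p extensions, %pA formats a struct in_addr * while %pI formats a struct sockaddr_in *, so the %pA line is the one that matches what is passed. A note in the existing comment block that the local port is no longer part of the string would also help, because that block is where readers are told the ad hoc value "should do" when AuthDigestRealmSeed is not set. The hunk ends before the argument list does, so whether all four %pp conversions have matching arguments cannot be confirmed from the lines shown.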