diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2020-08-30 05:20:38 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2020-10-11 11:43:06 -0400 |
commit | cf0098eac8a12a8dfd700285a659af4639788a91 (patch) | |
tree | e51aec90ae60935b0bed19daad864b7c024f6710 /src/mod_auth.c | |
parent | cae205ad991ced53a2268e92b79fd21771df7ff6 (diff) | |
download | lighttpd-git-cf0098eac8a12a8dfd700285a659af4639788a91.tar.gz |
[mod_auth] fix crash if auth.require misconfigured (fixes #3023)
(thx veyrdite)
x-ref:
"Segfault with mod_auth & htpasswd (lighttpd.conf misconfig)"
https://redmine.lighttpd.net/issues/3023
Diffstat (limited to 'src/mod_auth.c')
-rw-r--r-- | src/mod_auth.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/src/mod_auth.c b/src/mod_auth.c index b76cf0f0..d009734d 100644 --- a/src/mod_auth.c +++ b/src/mod_auth.c @@ -738,8 +738,15 @@ static handler_t mod_auth_check_basic(request_st * const r, void *p_d, const str char *pw; handler_t rc = HANDLER_UNSET; - if (NULL == backend) { - log_error(r->conf.errh, __FILE__, __LINE__, "auth.backend not configured for %s", r->uri.path.ptr); + if (NULL == backend || NULL == backend->basic) { + if (NULL == backend) + log_error(r->conf.errh, __FILE__, __LINE__, + "auth.backend not configured for %s", r->uri.path.ptr); + else + log_error(r->conf.errh, __FILE__, __LINE__, + "auth.require \"method\" => \"basic\" invalid " + "(try \"digest\"?) for %s", + r->uri.path.ptr); r->http_status = 500; r->handler_module = NULL; return HANDLER_FINISHED; @@ -1208,9 +1215,15 @@ static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const st dkv[7].ptr = &nc; dkv[8].ptr = &respons; - if (NULL == backend) { - log_error(r->conf.errh, __FILE__, __LINE__, - "auth.backend not configured for %s", r->uri.path.ptr); + if (NULL == backend || NULL == backend->digest) { + if (NULL == backend) + log_error(r->conf.errh, __FILE__, __LINE__, + "auth.backend not configured for %s", r->uri.path.ptr); + else + log_error(r->conf.errh, __FILE__, __LINE__, + "auth.require \"method\" => \"digest\" invalid " + "(try \"basic\"?) for %s", + r->uri.path.ptr); r->http_status = 500; r->handler_module = NULL; return HANDLER_FINISHED; |