segfault in http kioslave

Waldo Bastian bastian at kde.org
Tue Sep 17 07:03:40 BST 2002


On Monday 16 September 2002 10:40 pm, Dawit A. wrote:
> I know why this bug occurs.  We default to the strongest possible
> authentication by default which in retrospect is not a good idea since more
> information is needed to compute digest authentication.  It would have
> worked without a problem if we defaulted to "Basic".  Will fix this issue. 
> BTW, how did you register the password beforehand ?  If it was done
> through the interface this should not have happened.

We shouldn't default to anything in that case IMO and just make the server 
roundtrip.

> Patch below should fix it.  It most likely happens because we recently
> started accepting authentication names in non-case sensitive format, but
> the code that sends preemptive authentication info used "startWith" to
> do the check.  

No, if we get "basic" as response we fix that to "Basic" so case sensitive 
comparisons will keep working.

> You then got the segfault for the same reason I stated
> above...
>
> > > Are there any recent changes to the authentication code in kio_http
> > > that could have caused this?
> >
> > I think it did it wrong for quite some time, but a recent change might be
> > responsible for the segfaults.
> >
> > Does it help if you change 2189 to:
> >       if ( checkCachedAuthentication( info ) &&
> > !info.digestInfo.isEmpty())
>
> Hmm... Actually, checkCachedAuthentication should return false if
> info.digestInfo is empty at least that was the way it was IIRC. 

No, the way it was is that info.digestInfo was empty in the case of Basic 
authentication. But that led to a bug where we authenticated using Basic 
authentication while we should use Digest for some reason. Probably in the 
same situation that triggers the current bug. Luckily we can now detect this 
situation and ignore it.

> Anyways,
> here is a better patch to fix both yours and Jean's issue.  Default to
> Basic and make case insensitive comparison:

No, that's not the right patch. If digestInfo is empty we shouldn't send 
anything because we don't know what the server expects.

Cheers,
Waldo
-- 
bastian at kde.org  |   SuSE Labs KDE Developer  |  bastian at suse.com
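
The rule argued for in this message (normalize the scheme name, and send nothing preemptively when the cached Digest data is empty so the server's 401 challenge drives the exchange), as an added Python sketch that is not part of the original post and is not kio_http code. The `cached` dictionary layout and the function names are assumptions; the sample credentials are the constructed examples from RFC 2617.

```python
import base64
import hashlib

def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def normalize_scheme(scheme):
    # Map "basic"/"DIGEST" to one canonical spelling so later comparisons stay exact.
    return {"basic": "Basic", "digest": "Digest"}.get(scheme.strip().lower())

def preemptive_header(cached, method, uri, cnonce="0a4f113b", nc="00000001"):
    """Return an Authorization value, or None to wait for the server's challenge.

    `cached` (hypothetical layout): scheme, username, password and, for Digest,
    a 'digest_info' dict with the realm/nonce/qop kept from an earlier challenge.
    """
    scheme = normalize_scheme(cached.get("scheme", ""))
    if scheme == "Basic":
        token = f"{cached['username']}:{cached['password']}".encode("utf-8")
        return "Basic " + base64.b64encode(token).decode("ascii")
    if scheme == "Digest":
        info = cached.get("digest_info") or {}
        if not info.get("realm") or not info.get("nonce"):
            return None  # nothing to compute a response from: take the roundtrip
        ha1 = _md5(f"{cached['username']}:{info['realm']}:{cached['password']}")
        ha2 = _md5(f"{method}:{uri}")
        if info.get("qop") == "auth":
            response = _md5(f"{ha1}:{info['nonce']}:{nc}:{cnonce}:auth:{ha2}")
            extra = f', qop=auth, nc={nc}, cnonce="{cnonce}"'
        else:  # challenge without qop (RFC 2069 style)
            response = _md5(f"{ha1}:{info['nonce']}:{ha2}")
            extra = ""
        return (f'Digest username="{cached["username"]}", realm="{info["realm"]}", '
                f'nonce="{info["nonce"]}", uri="{uri}", response="{response}"{extra}')
    return None  # unknown or missing scheme: do not guess and do not fall back to Basic

# Constructed sample inputs (values taken from the RFC 2617 examples).
RFC_DIGEST = {"scheme": "digest", "username": "Mufasa", "password": "Circle Of Life",
              "digest_info": {"realm": "testrealm@host.com", "qop": "auth",
                              "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093"}}
NO_DIGEST_INFO = {"scheme": "Digest", "username": "Mufasa", "password": "Circle Of Life"}

if __name__ == "__main__":
    print(preemptive_header(RFC_DIGEST, "GET", "/dir/index.html"))
    print(preemptive_header(NO_DIGEST_INFO, "GET", "/dir/index.html"))  # None
```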