mod_auth_cas bug?

Nicolas Clemeur nclemeur at daesim.com
Sat Nov 3 00:16:01 EDT 2007


Hello,

I think I have found a problem in the way mod_auth_cas is parsing
the URL to retrieve the ticket. If you look at the getCASTicket
function, you'll see the code below:

/* tokenize on & to find the 'ticket' parameter */
ticket = apr_strtok(args, "&", &tokenizerCtx);
do {
    if(strncmp(ticket, "ticket=", 7) == 0) {
        ticketFound = TRUE;
        /* skip to the meat of the parameter (the value after the '=') */
        ticket += 7;
        rv = apr_pstrdup(r->pool, ticket);
        break;
    }
    ticket = apr_strtok(NULL, "&", &tokenizerCtx);
    /* no more parameters */
    if(ticket == NULL)
        break;
} while (ticketFound == FALSE);

This code fails with a segfault if the URL ends with a "?" but has no
parameters (as an example,
http://www.ja-sig.org/issues/secure/IssueNavigator.jspa? would fail if
mod_auth_cas was used).

I have just fixed that problem with the following code:

ticket = apr_strtok(args, "&", &tokenizerCtx);
while (ticket != NULL && ticketFound == FALSE) {
    if(strncmp(ticket, "ticket=", 7) == 0) {
        ticketFound = TRUE;
        /* skip to the meat of the parameter (the value after the '=') */
        ticket += 7;
        rv = apr_pstrdup(r->pool, ticket);
        break;
    }
    ticket = apr_strtok(NULL, "&", &tokenizerCtx);
}


Best regards,

Nicolas
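
The guarded loop from the message above, as a stand-alone added example that is not part of the original post and is not mod_auth_cas code. It assumes POSIX strtok_r in place of apr_strtok and malloc in place of apr_pstrdup; find_ticket and the sample query strings are hypothetical and constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* for strtok_r */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns a malloc'd copy of the value of the "ticket"
 * query parameter, or NULL when the query string is NULL, empty, or has no
 * such parameter. The caller frees the result. */
char *find_ticket(const char *query)
{
    char *copy, *tok, *ctx = NULL, *rv = NULL;

    if (query == NULL)
        return NULL;
    /* strtok_r modifies its input, so tokenize a private copy */
    copy = malloc(strlen(query) + 1);
    if (copy == NULL)
        return NULL;
    strcpy(copy, query);

    /* For "" or "&&" the very first call returns NULL, so the token is
     * checked before it is ever handed to strncmp(). */
    for (tok = strtok_r(copy, "&", &ctx); tok != NULL;
         tok = strtok_r(NULL, "&", &ctx)) {
        if (strncmp(tok, "ticket=", 7) == 0) {
            tok += 7;  /* skip "ticket=" to reach the value */
            rv = malloc(strlen(tok) + 1);
            if (rv != NULL)
                strcpy(rv, tok);
            break;
        }
    }
    free(copy);
    return rv;
}

int main(void)
{
    /* constructed query strings; "" is what a URL ending in a bare "?" yields */
    const char *samples[] = { "", "&&", "a=1&b=2", "a=1&ticket=ST-1-abc", "xticket=no" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *t = find_ticket(samples[i]);
        printf("\"%s\" -> %s\n", samples[i], t ? t : "(none)");
        free(t);
    }
    return 0;
}
```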




