mod_auth_cas bug?

Sat Nov 3 12:08:58 EDT 2007

Nicolas,
Thanks for the bug report.  This is now fixed in the svn trunk.

-Phil

-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Nicolas Clemeur
Sent: Saturday, November 03, 2007 12:16 AM
To: cas at tp.its.yale.edu
Subject: mod_auth_cas bug?

Hello,

I think I have found a problem in the way mod_auth_cas is parsing
the url to retrieve the ticket. If you look at the getCASTicket 
function. You'll see the code below:

/* tokenize on & to find the 'ticket' parameter */
ticket = apr_strtok(args, "&", &tokenizerCtx);
do {
     if(strncmp(ticket, "ticket=", 7) == 0) {
	ticketFound = TRUE;
	/* skip to the meat of the parameter (the value after the '=') */
		ticket += 7; 
		rv = apr_pstrdup(r->pool, ticket);
		break;
	}
	ticket = apr_strtok(NULL, "&", &tokenizerCtx);
	/* no more parameters */
	if(ticket == NULL)
		break;
} while (ticketFound == FALSE);

This code fails with a seg fault if the url is ended with a "?" but has no
parameters (as an example, 
http://www.ja-sig.org/issues/secure/IssueNavigator.jspa? would fail if 
mod_auth_cas was used)

I have just fix that problem with the following code:

ticket = apr_strtok(args, "&", &tokenizerCtx);
while (ticket != NULL && ticketFound == FALSE) {
    if(strncmp(ticket, "ticket=", 7) == 0) {
         ticketFound = TRUE;
         /* skip to the meat of the parameter (the value after the '=') */
         ticket += 7;
         rv = apr_pstrdup(r->pool, ticket);
         break;
     }
     ticket = apr_strtok(NULL, "&", &tokenizerCtx);
}

Best regards,

Nicolas

_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas