Re: [hackers] [quark][PATCH] Don't erase response on http_send_error_response

From: José Miguel Sánchez García <soy.jmi2k_AT_gmail.com>
Date: Mon, 26 Oct 2020 11:34:17 +0100

On 10/26/2020 8:34 AM, Laslo Hunhold wrote:

> Definitely don't make exceptions here, because erasing the entire
> struct is a consistency measure and being inconsistent there
> complicates the semantics.

I'll be careful then.

> I also don't see a reason for the constraints you mention. Just add an
> array of group-auth-pairs to the server struct and also add a
> group-auth-pair to the req-struct that you then fill when you parse the
> request fields in http_parse_header(). Then later, in
> http_prepare_header_buf(), you check if they match and either send
> an error-header (access denied) or allow access.
>
> In case the auth-field is empty but the file requires a password, you,
> in turn, send the desired header to ask for auth.

You are absolutely right, and I just didn't see it when I was working on
it. Sorry for wasting your time.

Best regards,
José Miguel
Received on Mon Oct 26 2020 - 11:34:17 CET

This archive was generated by hypermail 2.3.0 : Mon Oct 26 2020 - 11:36:34 CET