Be less tolerant when parsing the credencial for Basic authorization. Only spaces should be accepted after the authorization scheme. \t are also tolerated.

The current code accepts \v and \f as well. The same behavior is already used in 'ap_get_basic_auth_pw()' which is mostly the same function as 'get_basic_auth()'. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1817131 13f79535-47bb-0310-9956-ffa450edef68
author: Christophe Jaillet <jailletc36@apache.org> 2017-12-04 22:54:58 +0100
committer: Christophe Jaillet <jailletc36@apache.org> 2017-12-04 22:54:58 +0100
commit: 8fcc6f170adfc894b08f7f3d0348535dd215f67c (patch)
tree: 6aefd4326eb2721bdd8d0e6f58661634c61b993b /modules/aaa
parent: Use ap_cstr_casecmp instead of strcasecmp. (diff)
download: apache2-8fcc6f170adfc894b08f7f3d0348535dd215f67c.tar.xz
apache2-8fcc6f170adfc894b08f7f3d0348535dd215f67c.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/aaa/mod_auth_basic.c b/modules/aaa/mod_auth_basic.c
index 5b32e00620..55ea8adf37 100644
--- a/modules/aaa/mod_auth_basic.c
+++ b/modules/aaa/mod_auth_basic.c
@@ -270,7 +270,7 @@ static int get_basic_auth(request_rec *r, const char **user,
     }
 
     /* Skip leading spaces. */
-    while (apr_isspace(*auth_line)) {
+    while (*auth_line == ' ' || *auth_line == '\t') {
         auth_line++;
     }
author	Christophe Jaillet <jailletc36@apache.org>	2017-12-04 22:54:58 +0100
committer	Christophe Jaillet <jailletc36@apache.org>	2017-12-04 22:54:58 +0100
commit	8fcc6f170adfc894b08f7f3d0348535dd215f67c (patch)
tree	6aefd4326eb2721bdd8d0e6f58661634c61b993b /modules/aaa
parent	Use ap_cstr_casecmp instead of strcasecmp. (diff)
download	apache2-8fcc6f170adfc894b08f7f3d0348535dd215f67c.tar.xz apache2-8fcc6f170adfc894b08f7f3d0348535dd215f67c.zip