joe at manyfish.co.uk
Tue Mar 1 08:31:37 EST 2011
On Tue, Mar 01, 2011 at 02:19:52PM +0100, Patrick Ohly wrote:
> On Di, 2011-03-01 at 09:18 +0100, Henrik Holst wrote:
> > 2011/2/28 Joe Orton <joe at manyfish.co.uk>:
> > >> There is another use case. I am working on a CalDAV/CardDAV backend for
> > >> SyncEvolution, a PIM data synchronization tool. Right now I am trying to get
> > >> service discovery via DNS SRV and /.well-know/[carddav|caldav] working.
> > >
> > > http://tools.ietf.org/html/rfc4918#appendix-E
> > >
> > > has guidance on the "how to trigger authentication" problem.
> > One just has to love the text of that rfc: "This appendix
> > describes a couple approaches that seem particularly likely to work."
This topic was controversial within the DAV working group, so there is
some history behind that particular choice of wording ;) It's a
difficult problem. See e.g. this thread:
> My code passes temporary strings to ne_request_create(). ne_request.c
> itself copies the strings (as expected) but it also passes the caller's
> "method" string (and not the copy!) to ne_auth.c/ah_create(), which then
> leads to a read-after-free error in request_digest(). Patch attached.
Great catch, thanks a lot! I've committed this.
More information about the neon