This is a 2 part email regarding what appears to be a bug and also minor enhancement request
Fist off this is a Slackware 10.2 box / Perl 5.8.7 / GNUMP3d 2.7
Both issues revolve around authentication via password protection.
Issue 1: -----------
When navigate go to my gnump3d
server which is configured for password protection, and purposly fail
the login prompt, the child perl process uses ~50% CPU indefinately and
spews this repeatedly to the error log:
Use of uninitialized value in length at (eval 26) line 414. Use of uninitialized value in pattern match (m//) at (eval 26) line 397. Use of uninitialized value in pattern match (m//) at (eval 26) line 405.
I only allowed it to run for 15 minutes, but it appears to be an infinite loop. Has anyone see anything similar ?
Issue 2: ------------
It
seems to me that on a failed login attempt (and I would assume a denied
host - although I havn't tested that one) that, as a matter of course,
the server should disclose as little information as possible about the
service to which access was denied.
Currently upon bad login you are greeted with a fully
templated error page that states both the applications name and exact
revision.
Would it be possible to add an option for a "sparse" error page on access denied?