On Fri, 27 Feb 2004, OTR Comm wrote:

> case 'C':
> if (r->auth_user_request) {
> if (authenticateUserRequestUsername(r->auth_user_request))
> p =
> xstrdup(authenticateUserRequestUsername(r->auth_user_request));
> authenticateAuthUserRequestUnlock(r->auth_user_request);
> r->auth_user_request = NULL;

The last two lines should not be here (Unlock and = NULL). If you do this
then the user information will be lost for access.log and also
http_reply_access may fail if you plan on using authentication there..

Also you should not use xstrdup here.