Silence compiler warnings: - modules/aaa/mod_authnz_fcgi.c:705: warning: 'orspbuflen' may be used uninitialized in this function - modules/aaa/mod_authnz_fcgi.c:1235: warning: comparison is always false due to limited range of data type

mod_authnz_fcgi: we don't need to add the trailing '\0' to parse response headers since r1640036.

mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an error when parsing or forwarding the response fails.

mod_proxy_fcgi: SECURITY: CVE-2014-3583 (cve.mitre.org) Fix a potential crash with response headers' size above 8K. The code changes to mod_authnz_fcgi keep the handle_headers() function in sync between the two modules. mod_authnz_fcgi does not have this issue because it allocated a separate byte for terminating '\0'.

Revert r1638818, r1639812, r1639717 and r1639814 for new staging.

mod_authnz_fcgi: follow up to r1639717. Let ap_scan_script_header*() validate the headers.

mod_authnz_fcgi: Fix a potential crash with response headers' size above 8K. (similar to r1638818 for mod_proxy_fcgi).

Silence compiler warning: mod_authnz_fcgi.c:580:44: warning: 'orspbuflen' may be used uninitialized in this function. Not true but annoying.

move a temporary table from r->pool to a temporary pool we've already allocated in order to avoid a longer lifetime than necessary for the table memory Suggested by: jailletc36

axe unnecessary preparation for some other module using [ap_]connect_to_peer() and passing in its own module identifier Pointed out by: jailletc36

Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory.

At least one authorizer that doesn't use libfcgi directly or indirectly does not like getting an empty FCGI_STDIN block. Don't send it. (Other mods for httpd didn't send it to authorizers either.)

allow building mod_authnz_fcgi with 2.4.x branch

Add "default user id" capability for authorizers that handle check_authn and return success but don't have a specific user id to assign (e.g., guest users).

mod_authnz_fcgi: New module to enable FastCGI authorizer applications to authenticate and/or authorize clients. A fair amount of code was taken from or at least based on mod_proxy_fcgi, with a smaller amount taken from mod_fcgid.