Missing check for base64 decoding of the credentials during basic auth.
=========================================================================

 Description
-------------

The return value of base64_decode was not checked properly when parsing
the credentials for basic auth. This leads to accessing uninitialized memory.

mod_auth is not loaded by default and it needs to be configured to be used.

Bug reported by Stefan Esser.

 Affected versions
-------------------

All previous versions.

 Solutions or Workaround
-------------------------

There is no known workaround. Please update to 1.4.16 or apply
lighttpd-1.4.x_mod_auth_sec.patch. The patch fixes also:
lighttpd_sa2007_04
lighttpd_sa2007_05
lighttpd_sa2007_06
lighttpd_sa2007_07