Merge pull request #132 from hendrikp/master

Fixed crash and description for digest authentication

UserManual.md

@@ -186,11 +186,18 @@ working directory. If absent (default), then errors are not logged.
 ### enable\_directory\_listing `yes`
 Enable directory listing, either `yes` or `no`.
 
-### global\_passwords\_file
+### global\_auth\_file
 Path to a global passwords file, either full path or relative to the current
 working directory. If set, per-directory `.htpasswd` files are ignored,
 and all requests are authorised against that file.
 
+The file has to include the realm set through `authentication_domain` and the password in digest format:
+
+    user:realm:digest
+    test:test.com:ce0220efc2dd2fad6185e1f1af5a4327
+
+(e.g. use [this generator](http://www.askapache.com/online-tools/htpasswd-generator))
+
 ### index_files `index.html,index.htm,index.cgi,index.shtml,index.php`
 Comma-separated list of files to be treated as directory index
 files.

mongoose.c

@@ -5017,6 +5017,7 @@ static void process_new_connection(struct mg_connection *conn) {
     }
     if (ri->remote_user != NULL) {
       free((void *) ri->remote_user);
+      ri->remote_user = NULL; // when having connections with and without auth would cause double free and then crash
     }
 
     // NOTE(lsm): order is important here. should_keep_alive() call