fix error message for auth basic module.

Toshikuni Fukaya toshikuni-fukaya at
Tue Feb 24 09:36:47 UTC 2015


I found a little bug on error logging for ngx_http_auth_basic_module.
My config is following:

location / {
  set $file passwd;
  auth_basic "closed";
  auth_basic_user_file /etc/nginx/$file;

When access to the location with wrong user or password,
nginx logged a user file name and it contains null character.

The reason of this is using format '%V' to print user_file.
I think it is a bug because '%s' is used for the variable in other

The patch attached below.

Toshikuni Fukaya

# HG changeset patch
# User Toshikuni Fukaya <toshikuni-fukaya at>
# Date 1424766762 -32400
#      Tue Feb 24 17:32:42 2015 +0900
# Node ID 902c4eda6d80b960991ae05ea2c3d2db8dfdccf0
# Parent  3f568dd68af147b5ba259a27fdc6645f99e87aa7
fix error logging to print file name without null char.

diff -r 3f568dd68af1 -r 902c4eda6d80
--- a/src/http/modules/ngx_http_auth_basic_module.c     Tue Feb 17
16:27:52 2015 +0300
+++ b/src/http/modules/ngx_http_auth_basic_module.c     Tue Feb 24
17:32:42 2015 +0900
@@ -280,8 +280,8 @@

     ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
-                  "user \"%V\" was not found in \"%V\"",
-                  &r->headers_in.user, &user_file);
+                  "user \"%V\" was not found in \"%s\"",
+                  &r->headers_in.user,;

     return ngx_http_auth_basic_set_realm(r, &realm);

More information about the nginx-devel mailing list