fix error message for auth basic module.

Maxim Dounin mdounin at
Wed Feb 25 15:25:18 UTC 2015


On Wed, Feb 25, 2015 at 11:19:22AM +0900, Toshikuni Fukaya wrote:

> Hi,
> On 2015/02/25 1:34, Maxim Dounin wrote:
> >Hello!
> >
> >On Tue, Feb 24, 2015 at 06:36:47PM +0900, Toshikuni Fukaya wrote:
> >
> >>Hi,
> >>
> >>I found a little bug on error logging for ngx_http_auth_basic_module.
> >>My config is following:
> >>
> >>location / {
> >>   set $file passwd;
> >>   auth_basic "closed";
> >>   auth_basic_user_file /etc/nginx/$file;
> >>}
> >>
> >>When access to the location with wrong user or password,
> >>nginx logged a user file name and it contains null character.
> >>
> >>The reason of this is using format '%V' to print user_file.
> >>I think it is a bug because '%s' is used for the variable in other
> >>positions.
> >
> >Normally, variables which are nginx strings and at the same time
> >point to files do have a NULL character at the end (because it's
> >required to work with system calls), but it doesn't included in
> >the len field.  That is, one can use either %s with
> >or %V with &user_file.  The %s variant was used in syscall-related
> >messages (to make sure to print the name used by syscalls), and %V
> >in normal code.
> >
> >In this particular case the problem seems to be introduced by
> >the revision a6954ce88b80 (
> >during conversion to complex values.  Previously, the invariant
> >outlined above was held, but after a6954ce88b80 if auth_basic_user_file
> >contains variables, then user_files.len includes a NULL character.
> >
> >While using %s in all cases as in your patch will fix the problem,
> >I would rather prefer to see the invariant restored.
> >
> I understand the real reason of the problem.
> To solve this, I should add a null char to but should not add
> a length of such null char to ngx_str_t.len. ok?
> If true, will I need to fix ngx_http_script_done and
> ngx_http_script_add_copy_code not to add a length of null char?

Yes, something like this.  Not sure if it would be something easy 
to fix though.

Maxim Dounin

More information about the nginx-devel mailing list