Observed inconsistency in HTTP headers (headers_in.user)

Anthony Ryan anthonyryan1 at gmail.com
Sun May 22 00:27:29 MSD 2011


I recently began development of a HTTP Auth module to make use of an
existing user authentication backend my company uses, and encountered
something I believe to be a bug in Nginx.

Observation was that given ngx_http_request_t *r and an auth of
"username" & "password" (respectively).

r->headers_in.user.data was equal to "username:password"
r->headers_in.user.len was equal to 8 for username

I believe that this is a bug and that user.data was intended to be
truncated to the "username" alone.

The tested version is 1.0.0
The development environment was Ubuntu 11.04
Configured from source with the following options

./configure \
	--sbin-path=/usr/local/sbin/ \
	--conf-path=/usr/local/etc/nginx/nginx.conf \
	--with-pcre \
	--with-http_ssl_module \
	--with-http_gzip_static_module \
	--without-http_charset_module \
	--without-http_ssi_module \
	--without-http_userid_module \
	--without-http_autoindex_module \
	--without-http_geo_module \
	--without-http_map_module \
	--without-http_referer_module \
	--without-http_proxy_module \
	--without-http_memcached_module \
	--without-http_limit_zone_module \
	--without-http_limit_req_module \
	--without-http_empty_gif_module \
	--without-http_browser_module \
	--without-http_upstream_ip_hash_module \
	--add-module=../custom_auth

If I did not provide enough relevant information or I am in some way
mistaken of the nature of this my apologies, this is only my second
day working in C.

Anthony Ryan



More information about the nginx-devel mailing list