prevent null character in error log
Maxim Dounin
mdounin at mdounin.ru
Mon Feb 26 17:52:20 UTC 2018
Hello!
On Mon, Feb 26, 2018 at 06:01:02PM +0300, Filimonov Vadim wrote:
> # HG changeset patch
> # User Vadim Filimonov <fffilimonov at yandex.ru>
> # Date 1519656740 -7200
> # Mon Feb 26 16:52:20 2018 +0200
> # Node ID 00de93c2804c0679adc33dee25cb948e61c04c05
> # Parent 8b70d4caa505656bb5ee3f95246c4f39b62354ef
> prevent null character in error log
> https://trac.nginx.org/nginx/ticket/1494
Should be something like:
Auth basic: prevent null character in error log (ticket #1494).
>
> diff -r 8b70d4caa505 -r 00de93c2804c src/http/modules/ngx_http_auth_basic_module.c
> --- a/src/http/modules/ngx_http_auth_basic_module.c Thu Feb 22 13:16:21 2018 +0300
> +++ b/src/http/modules/ngx_http_auth_basic_module.c Mon Feb 26 16:52:20 2018 +0200
> @@ -266,8 +266,8 @@
> }
>
> ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
> - "user \"%V\" was not found in \"%V\"",
> - &r->headers_in.user, &user_file);
> + "user \"%V\" was not found in \"%s\"",
> + &r->headers_in.user, user_file.data);
>
> return ngx_http_auth_basic_set_realm(r, &realm);
> }
Thanks, committed with the above commit log changes.
The problem is that ccv.zero flag, as set during
ngx_http_compile_complex_value() to produce null-terminated
string, includes terminating null character into the string
length.
Another solution would be to change/fix ccv.zero flag to produce
silently zero-terminated string without including terminating null
into the string length, though this would be a much more complex
change.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx-devel
mailing list