prevent null character in error log

Maxim Dounin mdounin at mdounin.ru
Mon Feb 26 17:52:20 UTC 2018


Hello!

On Mon, Feb 26, 2018 at 06:01:02PM +0300, Filimonov Vadim wrote:

> # HG changeset patch
> # User Vadim Filimonov <fffilimonov at yandex.ru>
> # Date 1519656740 -7200
> #      Mon Feb 26 16:52:20 2018 +0200
> # Node ID 00de93c2804c0679adc33dee25cb948e61c04c05
> # Parent  8b70d4caa505656bb5ee3f95246c4f39b62354ef
> prevent null character in error log
> https://trac.nginx.org/nginx/ticket/1494

Should be something like:

Auth basic: prevent null character in error log (ticket #1494).

> 
> diff -r 8b70d4caa505 -r 00de93c2804c src/http/modules/ngx_http_auth_basic_module.c
> --- a/src/http/modules/ngx_http_auth_basic_module.c     Thu Feb 22 13:16:21 2018 +0300
> +++ b/src/http/modules/ngx_http_auth_basic_module.c     Mon Feb 26 16:52:20 2018 +0200
> @@ -266,8 +266,8 @@
>      }
> 
>      ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
> -                  "user \"%V\" was not found in \"%V\"",
> -                  &r->headers_in.user, &user_file);
> +                  "user \"%V\" was not found in \"%s\"",
> +                  &r->headers_in.user, user_file.data);
> 
>      return ngx_http_auth_basic_set_realm(r, &realm);
>  }

Thanks, committed with the above commit log changes.

The problem is that ccv.zero flag, as set during 
ngx_http_compile_complex_value() to produce null-terminated 
string, includes terminating null character into the string 
length.

Another solution would be to change/fix ccv.zero flag to produce 
silently zero-terminated string without including terminating null 
into the string length, though this would be a much more complex 
change.

-- 
Maxim Dounin
http://mdounin.ru/


More information about the nginx-devel mailing list