I recently began development of a HTTP Auth module to make use of an
existing user authentication backend my company uses, and encountered
something I believe to be a bug in Nginx.

Observation was that given ngx_http_request_t *r and an auth of
"username" & "password" (respectively).

r->headers_in.user.data was equal to "username:password"
r->headers_in.user.len was equal to 8 for username

I believe that this is a bug and that user.data was intended to be
truncated to the "username" alone.

The tested version is 1.0.0
The development environment was Ubuntu 11.04
Configured from source with the following options

../configure \
--sbin-path=/usr/local/sbin/ \
--conf-path=/usr/local/etc/nginx/nginx.conf \
--with-pcre \
--with-http_ssl_module \
--with-http_gzip_static_module \
--without-http_charset_module \
--without-http_ssi_module \
--without-http_userid_module \
--without-http_autoindex_module \
--without-http_geo_module \
--without-http_map_module \
--without-http_referer_module \
--without-http_proxy_module \
--without-http_memcached_module \
--without-http_limit_zone_module \
--without-http_limit_req_module \
--without-http_empty_gif_module \
--without-http_browser_module \
--without-http_upstream_ip_hash_module \
--add-module=../custom_auth

If I did not provide enough relevant information or I am in some way
mistaken of the nature of this my apologies, this is only my second
day working in C.

Anthony Ryan

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel