Re: Observed inconsistency in HTTP headers (headers_in.user)

May 22, 2011 01:30AM
On Sat, May 21, 2011 at 04:27:29PM -0400, Anthony Ryan wrote:
> I recently began development of an HTTP Auth module to make use of an
> existing user authentication backend my company uses, and encountered
> something I believe to be a bug in Nginx.
>
> Observation was that given ngx_http_request_t *r and an auth of
> "username" & "password" (respectively).
>
> r->headers_in.user.data was equal to "username:password"
> r->headers_in.user.len was equal to 8 for username
>
> I believe that this is a bug and that user.data was intended to be
> truncated to the "username" alone.
>
> The tested version is 1.0.0
> The development environment was Ubuntu 11.04
> Configured from source with the following options
>
> ./configure \
> --sbin-path=/usr/local/sbin/ \
> --conf-path=/usr/local/etc/nginx/nginx.conf \
> --with-pcre \
> --with-http_ssl_module \
> --with-http_gzip_static_module \
> --without-http_charset_module \
> --without-http_ssi_module \
> --without-http_userid_module \
> --without-http_autoindex_module \
> --without-http_geo_module \
> --without-http_map_module \
> --without-http_referer_module \
> --without-http_proxy_module \
> --without-http_memcached_module \
> --without-http_limit_zone_module \
> --without-http_limit_req_module \
> --without-http_empty_gif_module \
> --without-http_browser_module \
> --without-http_upstream_ip_hash_module \
> --add-module=../custom_auth
>
> If I did not provide enough relevant information or I am in some way
> mistaken about the nature of this, my apologies; this is only my second
> day working in C.

"username:password" is the string obtained after the Authorization header
has been converted from base64. Where possible, nginx does not try to copy
strings or to make them zero-terminated.


--
Igor Sysoev

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel
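
Added example (not part of the original messages and not nginx source): a self-contained C sketch of the behaviour described in the reply, where the user name is a length-delimited view into the decoded "username:password" buffer. str_t is a stand-in for ngx_str_t, and split_credentials, str_eq and str_to_cstr are hypothetical helper names; the sample credentials are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for nginx's ngx_str_t: a length plus a pointer, no NUL guarantee. */
typedef struct { size_t len; unsigned char *data; } str_t;

/* Split decoded "user:password" in place; both views alias the same buffer. */
static int split_credentials(unsigned char *buf, size_t n, str_t *user, str_t *passwd)
{
    unsigned char *colon = memchr(buf, ':', n);
    if (colon == NULL) return -1;            /* malformed: no separator */
    user->data = buf;
    user->len = (size_t) (colon - buf);
    passwd->data = colon + 1;
    passwd->len = n - user->len - 1;
    return 0;
}

/* Length-aware equality; never reads past s->len bytes. */
static int str_eq(const str_t *s, const char *expected)
{
    size_t n = strlen(expected);
    return s->len == n && memcmp(s->data, expected, n) == 0;
}

/* Copy out a real C string for APIs that need one; reject overflow and
   embedded NUL bytes, which base64-decoded input can contain. */
static int str_to_cstr(const str_t *s, char *out, size_t cap)
{
    if (s->len >= cap || memchr(s->data, '\0', s->len) != NULL) return -1;
    memcpy(out, s->data, s->len);
    out[s->len] = '\0';
    return 0;
}

int main(void)
{
    unsigned char buf[] = "username:password";   /* constructed sample */
    str_t user, passwd;
    char name[32];
    if (split_credentials(buf, sizeof(buf) - 1, &user, &passwd) != 0) return 1;
    /* Pitfall: treating data as a C string exposes the password too. */
    printf("as C string: %s\n", (char *) user.data);
    printf("with length: %.*s\n", (int) user.len, (char *) user.data);
    if (str_to_cstr(&user, name, sizeof(name)) == 0) printf("copied: %s\n", name);
    return str_eq(&user, "username") ? 0 : 1;
}
```

An auth module that passes user.data to strcmp, a logging call with %s, or a backend lookup without honouring user.len would send or record the password along with the user name.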