Hello!

On Tue, Feb 24, 2015 at 06:36:47PM +0900, Toshikuni Fukaya wrote:

> Hi,
>
> I found a little bug on error logging for ngx_http_auth_basic_module.
> My config is following:
>
> location / {
> set $file passwd;
> auth_basic "closed";
> auth_basic_user_file /etc/nginx/$file;
> }
>
> When access to the location with wrong user or password,
> nginx logged a user file name and it contains null character.
>
> The reason of this is using format '%V' to print user_file.
> I think it is a bug because '%s' is used for the variable in other
> positions.

Normally, variables which are nginx strings and at the same time
point to files do have a NULL character at the end (because it's
required to work with system calls), but it doesn't included in
the len field. That is, one can use either %s with user_file.data
or %V with &user_file. The %s variant was used in syscall-related
messages (to make sure to print the name used by syscalls), and %V
in normal code.

In this particular case the problem seems to be introduced by
the revision a6954ce88b80 (http://hg.nginx.org/nginx/rev/a6954ce88b80)
during conversion to complex values. Previously, the invariant
outlined above was held, but after a6954ce88b80 if auth_basic_user_file
contains variables, then user_files.len includes a NULL character.

While using %s in all cases as in your patch will fix the problem,
I would rather prefer to see the invariant restored.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel