Null character in error.log

[fffilimonov@…]

With config like this:

auth_basic "Restricted";
auth_basic_user_file $host/htpasswd;

If user not found in file nginx writes to error log string:

2018/02/26 15:19:33 [error] 85925#0: *3 user "addd" was not found in "/Users/vf/nginx/127.0.0.1/htpasswd^@", client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "127.0.0.1:8080"

The issue only with variable in auth_basic_user_file path.
With config like this no null char:

auth_basic "Restricted";
auth_basic_user_file /root/htpasswd;

ngx_http_auth_basic_module.c

ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                  "user \"%V\" was not found in \"%V\"",
                  &r->headers_in.user, &user_file);

user_file - ngx_str_t
So, it means there is a string inside user_file.data with null terminator.

In debug log i can see:

2018/02/26 16:23:46 [debug] 93741#0: *1 access phase: 6
2018/02/26 16:23:46 [debug] 93741#0: *1 access phase: 7
2018/02/26 16:23:46 [debug] 93741#0: *1 http script var: "127.0.0.1"
2018/02/26 16:23:46 [debug] 93741#0: *1 http script copy: "/htpasswd^@"
2018/02/26 16:23:46 [debug] 93741#0: *1 http script fullname: "/Users/vf/nginx/127.0.0.1/htpasswd^@"
2018/02/26 16:23:46 [debug] 93741#0: *1 read: 9, 00007FFEE2FA7E00, 2048, 0
2018/02/26 16:23:46 [error] 93741#0: *1 user "addd" was not found in "/Users/vf/nginx/127.0.0.1/htpasswd^@", client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "127.0.0.1:8080"

The null char we got from ngx_http_script.c.

The simple fix is:

    ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                  "user \"%V\" was not found in \"%s\"",
                  &r->headers_in.user, user_file.data);

But possible the problem is somewhere in other function which builds the path.

[Vadim Filimonov <fffilimonov@…>]

In 7218:e48ac0136ee3/nginx:

Auth basic: prevent null character in error log (ticket #1494).