#2453 closed defect (wontfix)

Variables in different contexts are mixed together

Reported by: alexgit2k@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.23.x
Keywords: Cc:
uname -a: Linux 0b8f251ef7a8 4.18.0-448.el8.x86_64 #1 SMP Wed Jan 18 15:02:46 UTC 2023 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.23.3
built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
built with OpenSSL 1.1.1n 15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.23.3/debian/debuild-base/nginx-1.23.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

Description (last modified by alexgit2k@…)

Variables in different contexts are mixed together for the syntax-check.

Reproduceable with the nginx-Docker image:

docker run -it --rm nginx:latest /bin/bash
  • Incorrect config with missing variable
    # cat <<EOT > /etc/nginx/conf.d/server1.conf
    server {
        listen       80;
        server_name  server1;
        rewrite /helloworld https://www.example.com/\$target;
    # nginx -t 
    nginx: [emerg] unknown "target" variable
    nginx: configuration file /etc/nginx/nginx.conf test failed

Expected error-message because variable target is not set.

  • Correct config with same variable set
    # cat <<EOT > /etc/nginx/conf.d/server2.conf
    server {
        listen       80;
        server_name  server2;
        set \$target bar;
        rewrite /foo https://www.example.com/\$target;
    # nginx -t 
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful

Unexpectedly no error-message for server1.conf + server2.conf together, because the variable set in server2.conf is wrongly used also for server1.conf

Note: A request to server1/helloworld correctly redirects to www.example.com/ (and not www.example.com/bar)

Change History (2)

comment:1 by alexgit2k@…, 10 months ago

Description: modified (diff)

comment:2 by Maxim Dounin, 10 months ago

Resolution: wontfix
Status: newclosed

Variables are global, and a variable defined anywhere in the http module is therefore known to nginx and won't produce errors during configuration parsing. For example, such variables can be used in various global entities, such as during logging defined at the http level. Similarly, variables defined at the http level, such as with map, can be used anywhere.

While this approach is unable to catch configuration errors like the one in your example during configuration parsing, it makes it possible to keep the code clean and simple.

To simplify catching of such configuration errors, nginx instead provides a runtime warning by default if a variable from the http rewrite module (created with set) is used but not set in the particular request handling path, see uninitialized_variable_warn.

Note: See TracTickets for help on using tickets.