nginx.git/src/http/modules/ngx_http_auth_basic_module.c, branch release-1.30.0 nginx Auth basic: fixed file descriptor leak on memory allocation error. 2025-08-11T16:57:47+00:00 Sergey Kandaurov pluknet@nginx.com 2025-08-08T15:44:27+00:00 034f15bbc251ed72018d8396e7eeb3bf30fd789b Found by Coverity (CID 1662016). 
Found by Coverity (CID 1662016).
All known output headers can be linked lists now. 2022-05-30T18:25:45+00:00 Maxim Dounin mdounin@mdounin.ru 2022-05-30T18:25:45+00:00 e59c2096ae9d561997ad2d64d61094503e6be4c3 The h->next pointer properly provided as NULL in all cases where known output headers are added. Note that there are 3rd party modules which might not do this, and it might be risky to rely on this for arbitrary headers. 
The h->next pointer properly provided as NULL in all cases where known
output headers are added.

Note that there are 3rd party modules which might not do this, and it
might be risky to rely on this for arbitrary headers.
Auth basic: changed alcf->user_file to be a pointer. 2021-05-05T23:22:07+00:00 Maxim Dounin mdounin@mdounin.ru 2021-05-05T23:22:07+00:00 a6bce8c2274c971d4d61b78e002857d1ec69a901 This saves some memory in typical case when auth_basic_user_file is not explicitly set, and unifies the code with alcf->realm. 
This saves some memory in typical case when auth_basic_user_file is not
explicitly set, and unifies the code with alcf->realm.
Changed complex value slots to use NGX_CONF_UNSET_PTR. 2021-05-05T23:22:03+00:00 Maxim Dounin mdounin@mdounin.ru 2021-05-05T23:22:03+00:00 4faa84085379346fa1cf322907a1f9b6a7fbd583 With this change, it is now possible to use ngx_conf_merge_ptr_value() to merge complex values. This change follows much earlier changes in ngx_conf_merge_ptr_value() and ngx_conf_set_str_array_slot() in 1452:cd586e963db0 (0.6.10) and 1701:40d004d95d88 (0.6.22), and the change in ngx_conf_set_keyval_slot() (7728:485dba3e2a01, 1.19.4). To preserve compatibility with existing 3rd party modules, both NULL and NGX_CONF_UNSET_PTR are accepted for now. 
With this change, it is now possible to use ngx_conf_merge_ptr_value()
to merge complex values.  This change follows much earlier changes in
ngx_conf_merge_ptr_value() and ngx_conf_set_str_array_slot()
in 1452:cd586e963db0 (0.6.10) and 1701:40d004d95d88 (0.6.22), and the
change in ngx_conf_set_keyval_slot() (7728:485dba3e2a01, 1.19.4).

To preserve compatibility with existing 3rd party modules, both NULL
and NGX_CONF_UNSET_PTR are accepted for now.
Auth basic: explicitly zero out password buffer. 2020-03-12T23:12:10+00:00 Ruslan Ermilov ru@nginx.com 2020-03-12T23:12:10+00:00 65ae8b315211988a821bdc32050768f41571ddae 






Auth basic: prevent null character in error log (ticket #1494).
2018-02-26T14:52:20+00:00

Vadim Filimonov
fffilimonov@yandex.ru

2018-02-26T14:52:20+00:00

f607032e0c7edd44b25a759ebcaea077e94f6b10












Removed more remnants of the old pthread implementation.
2017-09-18T08:09:41+00:00

Ruslan Ermilov
ru@nginx.com

2017-09-18T08:09:41+00:00

05e87e19aff42a75a290b99f5684a73dbd38a329

After e284f3ff6831, ngx_crypt() can no longer return NGX_AGAIN.





After e284f3ff6831, ngx_crypt() can no longer return NGX_AGAIN.







Cleaned up r->headers_out.headers allocation error handling.
2017-04-20T15:26:37+00:00

Sergey Kandaurov
pluknet@nginx.com

2017-04-20T15:26:37+00:00

9ecf8428645579cf66adc5ba939bf1267924c5bc

If initialization of a header failed for some reason after ngx_list_push(),
leaving the header as is can result in uninitialized memory access by
the header filter or the log module.  The fix is to clear partially
initialized headers in case of errors.

For the Cache-Control header, the fix is to postpone pushing
r->headers_out.cache_control until its value is completed.





If initialization of a header failed for some reason after ngx_list_push(),
leaving the header as is can result in uninitialized memory access by
the header filter or the log module.  The fix is to clear partially
initialized headers in case of errors.

For the Cache-Control header, the fix is to postpone pushing
r->headers_out.cache_control until its value is completed.







Fixed logging.
2016-03-30T23:33:57+00:00

Sergey Kandaurov
pluknet@nginx.com

2016-03-30T23:33:57+00:00

00ef9ff5f03ce7e98ba64c3644da25e5a0d659fc












Auth basic: "info" logging level on no user/password.
2013-10-31T00:02:21+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-10-31T00:02:21+00:00

869b4f36e51c602d046ba9b74af86a21c82ce6bf

This isn't an exceptional condition and normally happens on
first request from a client.





This isn't an exceptional condition and normally happens on
first request from a client.