author: Sergey Kandaurov <pluknet@nginx.com> 2026-03-18 16:39:37 +0400
committer: Roman Arutyunyan <arutyunyan.roman@gmail.com> 2026-03-24 18:46:36 +0400
commit: 9bc13718fe8a59a4538805516be7e141070c22d6
tree: 21643aa64fc24908ce1b3f9a3357155740a5fbf8 /src
parent: 6f3145006b41a4ec464eed4093553a335d35e8ac
Mail: fixed clearing s->passwd in auth http requests.
Previously, it was not properly cleared retaining length as part of authenticating with CRAM-MD5 and APOP methods that expect to receive password in auth response. This resulted in null pointer dereference and worker process crash in subsequent auth attempts with CRAM-MD5.

Reported by Arkadi Vainbrand.
Diffstat (limited to 'src')
-rw-r--r-- src/mail/ngx_mail_auth_http_module.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c
index 4ca6d6e24..3e5095a2d 100644
--- a/src/mail/ngx_mail_auth_http_module.c
+++ b/src/mail/ngx_mail_auth_http_module.c
@@ -1328,7 +1328,7 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1);
b->last = ngx_copy(b->last, s->salt.data, s->salt.len);
- s->passwd.data = NULL;
+ ngx_str_null(&s->passwd);
}
b->last = ngx_cpymem(b->last, "Auth-Protocol: ",
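Review bot: the new ngx_str_null(&s->passwd) line at the end of the Auth-Salt block carries no comment explaining why the length must be reset together with the pointer, and the difference from the old "s->passwd.data = NULL;" is small enough that a later cleanup could undo it. A one-line comment there, saying that a leftover length with a NULL data pointer is what the commit message ties to the worker crash on a subsequent CRAM-MD5 attempt, would make the intent durable. No test is visible in this view (the diffstat is limited to src), so if none accompanies the change, a regression test that performs two CRAM-MD5 auth attempts in one session would be worth adding.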