

Auth basic: explicitly zero out password buffer.
mdocguard committed Mar 12, 2020
1 parent 1688f57 commit 65ae8b3
Showing 1 changed file with 18 additions and 19 deletions.
37 changes: 18 additions & 19 deletions src/http/modules/ngx_http_auth_basic_module.c
Expand Up @@ -25,7 +25,6 @@ static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r,
ngx_str_t *passwd, ngx_str_t *realm);
static ngx_int_t ngx_http_auth_basic_set_realm(ngx_http_request_t *r,
ngx_str_t *realm);
static void ngx_http_auth_basic_close(ngx_file_t *file);
static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf);
static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf,
void *parent, void *child);
Expand Down Expand Up @@ -177,8 +176,8 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
offset);

if (n == NGX_ERROR) {
ngx_http_auth_basic_close(&file);
return NGX_HTTP_INTERNAL_SERVER_ERROR;
rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
goto cleanup;
}

if (n == 0) {
Expand Down Expand Up @@ -219,12 +218,11 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
if (buf[i] == LF || buf[i] == CR || buf[i] == ':') {
buf[i] = '\0';

ngx_http_auth_basic_close(&file);

pwd.len = i - passwd;
pwd.data = &buf[passwd];

return ngx_http_auth_basic_crypt_handler(r, &pwd, &realm);
rc = ngx_http_auth_basic_crypt_handler(r, &pwd, &realm);
goto cleanup;
}

break;
Expand All @@ -251,8 +249,6 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
offset += n;
}

ngx_http_auth_basic_close(&file);

if (state == sw_passwd) {
pwd.len = i - passwd;
pwd.data = ngx_pnalloc(r->pool, pwd.len + 1);
Expand All @@ -262,14 +258,26 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)

ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1);

return ngx_http_auth_basic_crypt_handler(r, &pwd, &realm);
rc = ngx_http_auth_basic_crypt_handler(r, &pwd, &realm);
goto cleanup;
}

ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"user \"%V\" was not found in \"%s\"",
&r->headers_in.user, user_file.data);

return ngx_http_auth_basic_set_realm(r, &realm);
rc = ngx_http_auth_basic_set_realm(r, &realm);

cleanup:

if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_errno,
ngx_close_file_n " \"%s\" failed", user_file.data);
}

ngx_explicit_memzero(buf, NGX_HTTP_AUTH_BUF_SIZE);

return rc;
}


Expand Down Expand Up @@ -338,15 +346,6 @@ ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm)
return NGX_HTTP_UNAUTHORIZED;
}

static void
ngx_http_auth_basic_close(ngx_file_t *file)
{
if (ngx_close_file(file->fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_ALERT, file->log, ngx_errno,
ngx_close_file_n " \"%s\" failed", file->name.data);
}
}


static void *
ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf)
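Review bot: The closing `ngx_explicit_memzero(buf, NGX_HTTP_AUTH_BUF_SIZE)` clears only the read buffer, but the `state == sw_passwd` branch of ngx_http_auth_basic_handler copies the password-file entry into `r->pool` memory with `ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1)`, and that copy is left intact, presumably for the lifetime of the request pool. Clearing it once the comparison is done would close the gap, e.g. `ngx_explicit_memzero(pwd.data, pwd.len);` between the `ngx_http_auth_basic_crypt_handler()` call and `goto cleanup;` in that branch. Separately, the lines between `ngx_pnalloc()` and `ngx_cpystrn()` are collapsed on this page; if the allocation-failure check there still returns directly, it now skips both the file close and the zeroing, because the close that used to precede this branch was moved under `cleanup:`, and it should become `rc = NGX_HTTP_INTERNAL_SERVER_ERROR; goto cleanup;`. The same applies to any other early `return` in the parts of the handler that the page does not show.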
