Google Git
Sign in
nginx/nginx/8a11d4aa62a24ba6be527258ee5536c3270a13cc^!/.
commit
8a11d4aa62a24ba6be527258ee5536c3270a13cc
[log]
author
Maxim Dounin <mdounin@mdounin.ru>
Mon May 30 21:25:56 2022 +0300
committer
Maxim Dounin <mdounin@mdounin.ru>
Mon May 30 21:25:56 2022 +0300
tree
b0a01db06825a92bf1fee49495fce0c3ea48cc8c
parent
5adc699f204d7fdfa6a229ca765d2611329eeaaa [diff]
Multiple WWW-Authenticate headers with "satisfy any;".

If a module adds multiple WWW-Authenticate headers (ticket #485) to the
response, linked in r->headers_out.www_authenticate, all headers are now
cleared if another module later allows access.

This change is a nop for standard modules, since the only access module which
can add multiple WWW-Authenticate headers is the auth request module, and
it is checked after other standard access modules.  Though this might
affect some third party access modules.

Note that if a 3rd party module adds a single WWW-Authenticate header
and not yet modified to set the header's next pointer to NULL, attempt to
clear such a header with this change will result in a segmentation fault.

diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
index 0c7dd3f..28f7d99 100644
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c

@@ -1088,6 +1088,7 @@
 ngx_http_core_access_phase(ngx_http_request_t *r, ngx_http_phase_handler_t *ph)
 {
     ngx_int_t                  rc;
+    ngx_table_elt_t           *h;
     ngx_http_core_loc_conf_t  *clcf;
 
     if (r != r->main) {
@@ -1122,8 +1123,8 @@
         if (rc == NGX_OK) {
             r->access_code = 0;
 
-            if (r->headers_out.www_authenticate) {
-                r->headers_out.www_authenticate->hash = 0;
+            for (h = r->headers_out.www_authenticate; h; h = h->next) {
+                h->hash = 0;
             }
 
             r->phase_handler = ph->next;