]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6f31450) | patch
Mail: fixed clearing s->passwd in auth http requests.
authorSergey Kandaurov <pluknet@nginx.com>
Wed, 18 Mar 2026 12:39:37 +0000 (16:39 +0400)
committerRoman Arutyunyan <arutyunyan.roman@gmail.com>
Tue, 24 Mar 2026 14:46:36 +0000 (18:46 +0400)
commit9bc13718fe8a59a4538805516be7e141070c22d6
tree21643aa64fc24908ce1b3f9a3357155740a5fbf8tree | snapshot
parent6f3145006b41a4ec464eed4093553a335d35e8accommit | diff
Mail: fixed clearing s->passwd in auth http requests.

Previously, it was not properly cleared retaining length as part of
authenticating with CRAM-MD5 and APOP methods that expect to receive
password in auth response.  This resulted in null pointer dereference
and worker process crash in subsequent auth attempts with CRAM-MD5.

Reported by Arkadi Vainbrand.
src/mail/ngx_mail_auth_http_module.c diff | blob | history
nginx upstream