atomx / nginx-http-auth-digest

Digest Authentication for Nginx

invalid username or password for correct password and worker process exits on signal 6 #15

Closed gustopn closed 5 years ago

gustopn commented 6 years ago

invalid username or password for... worker process ... exited on signal 6 happens only when I am going over auth_digest.

erikdubbelboer commented 6 years ago

Is it possible for you to share the username and password so I can try to recreate the exact same situation? Also which browser and version of nginx are you using?

gustopn commented 6 years ago

Yes, it does not matter what password you use, you might take test and test123. The version of NGINX was the FreeBSD ports one, so nginx-1.14.0_4,2. And the passwd file was created by the supplied script. However, I am not suspecting the password to be false. It fails somewhere where it should give back to NGINX worker process, there it crashes. As far as I see the module seems to be quite old and NGINX changed in the meantime, so there may be an incompatibility there.

erikdubbelboer commented 6 years ago

I just compiled the module into nginx-1.14.0 for Ubuntu and everything works fine there. The nginx module system really hasn't changed so it's not an incompatibility there.

I don't have access to a FreeBSD machine I'm afraid so I can't test that. Maybe it's some modification that only the BSD version has.

Is there any way you could get a stacktrace or something?

gustopn commented 6 years ago

Not today, but I may look into it sometime later and yes, that stacktrace idea would be a start.

RvdE commented 3 years ago

I have the same issue on FreeBSD 13.0-RELEASE.

Managed to get the following stacktrace:

    Reading symbols from /usr/local/sbin/nginx...
    [New LWP 1077745]
    Core was generated by `nginx: worker process'.
    Program terminated with signal SIGABRT, Aborted.
    Sent by kill() from pid 82879 and user 80.
    #0  kill () at kill.S:4
    4 kill.S: No such file or directory.
    (gdb) bt
    #0  kill () at kill.S:4
    #1  0x00000008008f79e0 in __fail (msg=) at /usr/src/lib/libc/secure/stack_protector.c:130
    #2  0x00000008008f7950 in __stack_chk_fail () at /usr/src/lib/libc/secure/stack_protector.c:137
    #3  0x000000080031ecc8 in ngx_http_auth_digest_evasion_tracking (r=r@entry=0x801b66050, alcf=, alcf@entry=0x8010f3af8, status=, status@entry=0)
        at /wrkdirs/usr/ports/www/nginx/work/nginx-http-auth-digest-cd86418/ngx_http_auth_digest_module.c:1462
    #4  0x000000080031d6e8 in ngx_http_auth_digest_handler (r=0x801b66050) at /wrkdirs/usr/ports/www/nginx/work/nginx-http-auth-digest-cd86418/ngx_http_auth_digest_module.c:289
    #5  0x000000000027aa91 in ngx_http_core_access_phase (r=0x801b66050, ph=0x801b9b958) at src/http/ngx_http_core_module.c:1100
    #6  0x000000000027a1a5 in ngx_http_core_run_phases (r=0x801b66050) at src/http/ngx_http_core_module.c:875
    #7  ngx_http_handler (r=r@entry=0x801b66050) at src/http/ngx_http_core_module.c:858
    #8  0x00000000002844aa in ngx_http_process_request (r=r@entry=0x801b66050) at src/http/ngx_http_request.c:2114
    #9  0x00000000002b4100 in ngx_http_v2_run_request (r=0x801b66050) at src/http/v2/ngx_http_v2.c:3983
    #10 0x00000000002b397a in ngx_http_v2_state_header_complete (h2c=0x801b19600, pos=0x801dd6785 "", end=0x801dd6785 "") at src/http/v2/ngx_http_v2.c:1916
    #11 0x00000000002ae080 in ngx_http_v2_read_handler (rev=) at src/http/v2/ngx_http_v2.c:435
    #12 0x000000000026c0c5 in ngx_kqueue_process_events (cycle=0x8010b0790, timer=, flags=1) at src/event/modules/ngx_kqueue_module.c:669
    #13 0x0000000000261c8a in ngx_process_events_and_timers (cycle=cycle@entry=0x8010b0790) at src/event/ngx_event.c:247
    #14 0x000000000026a71d in ngx_worker_process_cycle (cycle=0x8010b0790, data=) at src/os/unix/ngx_process_cycle.c:719
    #15 0x0000000000268b7a in ngx_spawn_process (cycle=cycle@entry=0x8010b0790, proc=0x26a6b0 , data=0x6, name=0x21d015 "worker process", respawn=respawn@entry=7)
        at src/os/unix/ngx_process.c:199
    #16 0x00000000002698fa in ngx_reap_children (cycle=0x8010b0790) at src/os/unix/ngx_process_cycle.c:596
    #17 ngx_master_process_cycle (cycle=cycle@entry=0x8010b0790) at src/os/unix/ngx_process_cycle.c:174
    #18 0x0000000000240ff5 in main (argc=, argv=) at src/core/nginx.c:383
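
Frames 1 and 2 of the backtrace above are libc's stack protector (`__fail`, `__stack_chk_fail`), which aborts the process when a function's stack canary no longer matches on return; the function that owns the canary is the caller in frame 3, and the reported line is where the check ran rather than where the overwrite happened. The script below is an added example, not code from the thread or the project: it parses gdb `bt` output and names that function, using frames 0-4 copied from the trace as input; `parse_frames` and `triage` are hypothetical helper names.

```python
import re

# Frames 0-4 copied from the backtrace in the thread, with gdb's "#N" frame markers.
BACKTRACE = """\
#0  kill () at kill.S:4
#1  0x00000008008f79e0 in __fail (msg=) at /usr/src/lib/libc/secure/stack_protector.c:130
#2  0x00000008008f7950 in __stack_chk_fail () at /usr/src/lib/libc/secure/stack_protector.c:137
#3  0x000000080031ecc8 in ngx_http_auth_digest_evasion_tracking (r=r@entry=0x801b66050, alcf=, alcf@entry=0x8010f3af8, status=, status@entry=0)
    at /wrkdirs/usr/ports/www/nginx/work/nginx-http-auth-digest-cd86418/ngx_http_auth_digest_module.c:1462
#4  0x000000080031d6e8 in ngx_http_auth_digest_handler (r=0x801b66050) at /wrkdirs/usr/ports/www/nginx/work/nginx-http-auth-digest-cd86418/ngx_http_auth_digest_module.c:289
"""

# "#N  [0xADDR in ]func (args) [at file:line]"
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\S+) \(.*?\)\s*(?:at (\S+):(\d+))?$")


def parse_frames(text):
    """Parse gdb 'bt' output, folding wrapped 'at file:line' lines into their frame."""
    entries = []
    for line in text.splitlines():
        if line.startswith("#"):
            entries.append(line.strip())
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    frames = []
    for entry in entries:
        m = FRAME.match(entry)
        if m:
            num, func, path, lineno = m.groups()
            frames.append({"n": int(num), "func": func, "file": path,
                           "line": int(lineno) if lineno else None})
    return frames


def triage(text):
    """Name the function whose stack canary check failed, if the trace shows one."""
    frames = parse_frames(text)
    for i, frame in enumerate(frames[:-1]):
        if frame["func"] == "__stack_chk_fail":
            # The compiler emits the call in the protected function's return path,
            # so the caller of __stack_chk_fail owns the overwritten canary.
            return {"cause": "stack canary mismatch", **frames[i + 1]}
    return {"cause": "unclassified", "func": None, "file": None, "line": None}


if __name__ == "__main__":
    print(triage(BACKTRACE))
```
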

erikdubbelboer commented 3 years ago

Which version of nginx-http-auth-digest are you using? (there are no releases so which git hash?)

According to your stacktrace it crashed on:
https://github.com/atomx/nginx-http-auth-digest/blob/b3073ef3624ec0e590671399e7b8f31458218d2a/ngx_http_auth_digest_module.c#L1462

But it's impossible for node to be NULL at this point. So I'm wondering if you're running an older version or if something else happened.

RvdE commented 3 years ago

I looked into the ports distinfo (which stores the filenames, checksums, etc.) and I think it's hash cd86418.

I'll see what happens if I use the latest available one. To be continued.

RvdE commented 3 years ago

Hmm... that's basically the latest version, since there's only 1 commit newer than that, which changes some documentation.

The crash happened on previous versions of FreeBSD as well, so I'm not sure what's going on. Seems to be a FreeBSD-only issue :(

erikdubbelboer commented 3 years ago

How are you installing nginx-http-auth-digest? I'm unfamiliar with FreeBSD so I'm curious how a module like this is installed.