Crypt_r() issue when viewing HTTP auth page

aris · December 20, 2012, 1:43am

When viewing a page that is HTTP auth password protected, we sometimes
get
an error 500 (internal server error), but 100% of the time, a browser
reload
of the page makes it work the second time around. The ngnix error log
shows
this:

2012/12/19 15:50:43 [crit] 28799#0: *6224 crypt_r() failed (2: No such
file
or directory), client: 108.199.xxx.xxx, server: dev.digitalpoint.com,
request: “GET /admin.php HTTP/1.1”, host: “dev.digitalpoint.com”,
referrer:
“http://dev.digitalpoint.com/”

It makes me wonder if maybe nginx worker processes can never read the
auth_basic_user_file the first time it tries for some reason (but always
can
after that first try)? Like I mentioned, it will work properly 100% of
the
time on a browser reload.

relevant part of nginx conf:

    location /admin.php {
            auth_basic                    Restricted;
            auth_basic_user_file    /etc/nginx/.passwd;
    <...clipped...>
    }

/etc/nginx/.passwd exists and I assume everything is okay with it since
everything works as expected on browser reload.

Anyone know how to fix this?

Posted at Nginx Forum:

digitalpoint · December 20, 2012, 6:12pm

Hello!

On Wed, Dec 19, 2012 at 07:42:55PM -0500, digitalpoint wrote:

It makes me wonder if maybe nginx worker processes can never read the
}

/etc/nginx/.passwd exists and I assume everything is okay with it since
everything works as expected on browser reload.

Anyone know how to fix this?

Try the following patch:

— a/src/os/unix/ngx_user.c
+++ b/src/os/unix/ngx_user.c
@@ -28,20 +28,15 @@ ngx_libc_crypt(ngx_pool_t *pool, u_char
{
char *value;
size_t len;

ngx_err_t err;
struct crypt_data cd;
ngx_set_errno(0);
cd.initialized = 0;
/* work around the glibc bug */
cd.current_salt[0] = ~salt[0];

value = crypt_r((char *) key, (char *) salt, &cd);
err = ngx_errno;
if (err == 0) {

if (value) {
len = ngx_strlen(value) + 1;
```
*encrypted = ngx_pnalloc(pool, len);
```

@@ -49,9 +44,11 @@ ngx_libc_crypt(ngx_pool_t *pool, u_char
ngx_memcpy(*encrypted, value, len);
return NGX_OK;
}
+

```
   return NGX_ERROR;
```
}

ngx_log_error(NGX_LOG_CRIT, pool->log, err, “crypt_r() failed”);

ngx_log_error(NGX_LOG_CRIT, pool->log, ngx_errno, “crypt_r()
failed”);

return NGX_ERROR;
}

–
Maxim D.

digitalpoint · December 20, 2012, 8:34pm

Thanks… that patch seems to have fixed it. I haven’t done exhaustive
testing, but if the crypt_r()/internal server errors pop up again, I’ll
post
back here.

Posted at Nginx Forum: