[nginx] Auth basic: fixed file descriptor leak on memory allocat...

Maxim Dounin mdounin at mdounin.ru
Sun Nov 30 06:44:21 UTC 2025


details:   http://freenginx.org/hg/nginx/rev/65b7b311347d
branches:  
changeset: 9440:65b7b311347d
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Sun Nov 30 06:20:51 2025 +0300
description:
Auth basic: fixed file descriptor leak on memory allocation errors.

If ngx_pnalloc() for pwd.data failed when handling an incomplete last line
of a user file, file descriptor for the file wasn't closed before returning
the error.  The issue was introduced in 7637:0cb942c1c1aa (1.17.10), as
the particular error path wasn't converted to the "goto cleanup" pattern
introduced in the commit, but file closing was moved to the end of the
function.

The issue is, however, unlikely to happen in practice, as it only happens
when handling an incorrectly formatted user file (newline at end of file),
and only if memory allocation of a small string fails, which is unlikely
even on memory-constrained systems.

The fix is to use the "goto cleanup" pattern, similarly to how other errors
are handled since 7637:0cb942c1c1aa.  This also ensures that the buffer is
properly zeroed out if the particular memory allocation fails.

Found by Coverity (CID 1643265).

diffstat:

 src/http/modules/ngx_http_auth_basic_module.c |  3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diffs (13 lines):

diff --git a/src/http/modules/ngx_http_auth_basic_module.c b/src/http/modules/ngx_http_auth_basic_module.c
--- a/src/http/modules/ngx_http_auth_basic_module.c
+++ b/src/http/modules/ngx_http_auth_basic_module.c
@@ -253,7 +253,8 @@ ngx_http_auth_basic_handler(ngx_http_req
         pwd.len = i - passwd;
         pwd.data = ngx_pnalloc(r->pool, pwd.len + 1);
         if (pwd.data == NULL) {
-            return NGX_HTTP_INTERNAL_SERVER_ERROR;
+            rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
+            goto cleanup;
         }
 
         ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1);
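
Review bot: the `pwd.data == NULL` branch now depends entirely on the `cleanup` label, which lies outside this hunk, so it is worth confirming that nothing between the label and the final return overwrites `rc`, and that the label both closes the file and zeroes `buf` for the state reached here (file still open, `buf` still holding the user file line). Since this `return` was missed when the other error paths were converted, I would also check the rest of ngx_http_auth_basic_handler() for any remaining bare `return` between opening the file and `cleanup`, so the same leak cannot survive on another path.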

