From 459721f9c724f1caaa79dd4d3696e702ba3dfc1f Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Tue, 12 Aug 2025 22:48:32 +0100 Subject: [PATCH] Don't leak file descriptor in nxt_main_port_access_log_handler() After opening a file and setting file.fd we _may_ call nxt_port_socket_write(). If so then the file is eventually closed via something like nxt_port_socket_write() nxt_port_socket_write2() nxt_port_write_handler() nxt_port_msg_close_fd() nxt_port_close_fds() Alternatively we may just return from the function and never close(2) file.fd. In which case we should call nxt_file_close(). This was reported by coverity. Signed-off-by: Andrew Clayton
---
src/nxt_main_process.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/src/nxt_main_process.c b/src/nxt_main_process.c
index e942c1a85..25798ea0b 100644
--- a/src/nxt_main_process.c
+++ b/src/nxt_main_process.c
@@ -1730,5 +1730,8 @@ nxt_main_port_access_log_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg)
 if (nxt_fast_path(port != NULL)) {
 (void) nxt_port_socket_write(task, port, type, file.fd, msg->port_msg.stream, 0, NULL);
+
+ } else {
+ nxt_file_close(task, &file);
 }
 }
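Review bot: The new `else` branch calls `nxt_file_close(task, &file)` without checking that the earlier open succeeded. The function body starts outside the hunk, so this is inferred, but if a failed open can still reach this point, the branch closes an invalid descriptor. A guard such as `} else if (file.fd != -1) {` would limit the cleanup to the case where a descriptor was actually obtained. Separately, the `(void)` cast discards the result of `nxt_port_socket_write()`, and the close chain in the commit message covers only the path where the message is queued and written. If that call can fail earlier without closing `file.fd`, the descriptor still leaks in the main process, so the error return is worth checking and handling with the same close.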