From 2a1129926da172961d31dc33901ea0bf7e249141 Mon Sep 17 00:00:00 2001
From: Stepan Gulyaev <stepan.gulyaev.02@gmail.com>
Date: Tue, 10 Jun 2025 14:58:33 +0300
Subject: [PATCH 1/2] Fix: changed types for functions, added checks. Haven't
 tested yet

---
 ngx_http_auth_pam_module.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/ngx_http_auth_pam_module.c b/ngx_http_auth_pam_module.c
index 9f03f7b..f54284b 100644
--- a/ngx_http_auth_pam_module.c
+++ b/ngx_http_auth_pam_module.c
@@ -237,12 +237,15 @@ ngx_http_auth_pam_handler(ngx_http_request_t *r)
 /**
  * create a key value pair from the given key and value string
  */
-static void set_to_pam_env(pam_handle_t *pamh, ngx_http_request_t *r,
+static ngx_int_t set_to_pam_env(pam_handle_t *pamh, ngx_http_request_t *r,
                            char *key, char *value)
 {
         if (key != NULL && value != NULL) {
                 size_t size = strlen(key) + strlen(value) + 1 * sizeof(char);
                 char *key_value_pair = ngx_palloc(r->pool, size);
+                if (addr == NULL) {
+                    return NGX_ERROR;
+                }
                 sprintf(key_value_pair, "%s=%s", key, value);
 
                 pam_putenv(pamh, key_value_pair);
@@ -268,14 +271,21 @@ static char* ngx_strncpy_s(ngx_str_t source, ngx_pool_t *pool)
 /**
  * enrich pam environment with request parameters
  */
-static void add_request_info_to_pam_env(pam_handle_t *pamh,
+static ngx_int_t add_request_info_to_pam_env(pam_handle_t *pamh,
                                         ngx_http_request_t *r)
 {
         char *request_info = ngx_strncpy_s(r->request_line, r->pool);
         char *host_info = ngx_strncpy_s(r->headers_in.host->value, r->pool);
 
-        set_to_pam_env(pamh, r, "REQUEST", request_info);
-        set_to_pam_env(pamh, r, "HOST", host_info);
+        ngx_int_t err = set_to_pam_env(pamh, r, "REQUEST", request_info);
+        if (err == NGX_ERROR){
+            return NGX_ERROR;
+        }
+
+        err = set_to_pam_env(pamh, r, "HOST", host_info);
+        if (err == NGX_ERROR){
+            return NGX_ERROR;
+        }
 }
 
 static ngx_int_t
@@ -351,7 +361,11 @@ ngx_http_auth_pam_authenticate(ngx_http_request_t *r,
   }
 
     if (alcf->set_pam_env) {
-        add_request_info_to_pam_env(pamh, r);
+        ngx_int_t err = add_request_info_to_pam_env(pamh, r);
+        ngx_log_error(NGX_LOG_CRIT, r->connection->log, 0,
+                      "PAM: Could not add request info to pam env: %s",
+                      pam_strerror(pamh, rc));
+        return NGX_HTTP_INTERNAL_SERVER_ERROR;
     }
 
     /* try to authenticate user, log error on failure */

From 820788a533e4570caccf345b3f389f14c32fa8a1 Mon Sep 17 00:00:00 2001
From: Stepan Gulyaev <stepan.gulyaev.02@gmail.com>
Date: Tue, 10 Jun 2025 16:05:08 +0300
Subject: [PATCH 2/2] fix: ngx_palloc no NULL check fixed

---
 ngx_http_auth_pam_module.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/ngx_http_auth_pam_module.c b/ngx_http_auth_pam_module.c
index f54284b..2b8349a 100644
--- a/ngx_http_auth_pam_module.c
+++ b/ngx_http_auth_pam_module.c
@@ -243,13 +243,15 @@ static ngx_int_t set_to_pam_env(pam_handle_t *pamh, ngx_http_request_t *r,
         if (key != NULL && value != NULL) {
                 size_t size = strlen(key) + strlen(value) + 1 * sizeof(char);
                 char *key_value_pair = ngx_palloc(r->pool, size);
-                if (addr == NULL) {
+                if (key_value_pair == NULL) {
                     return NGX_ERROR;
                 }
                 sprintf(key_value_pair, "%s=%s", key, value);
 
                 pam_putenv(pamh, key_value_pair);
         }
+
+    return NGX_OK;
 }
 
 /**
@@ -277,15 +279,15 @@ static ngx_int_t add_request_info_to_pam_env(pam_handle_t *pamh,
         char *request_info = ngx_strncpy_s(r->request_line, r->pool);
         char *host_info = ngx_strncpy_s(r->headers_in.host->value, r->pool);
 
-        ngx_int_t err = set_to_pam_env(pamh, r, "REQUEST", request_info);
-        if (err == NGX_ERROR){
+        if (set_to_pam_env(pamh, r, "REQUEST", request_info) != NGX_OK){
             return NGX_ERROR;
         }
 
-        err = set_to_pam_env(pamh, r, "HOST", host_info);
-        if (err == NGX_ERROR){
+        if (set_to_pam_env(pamh, r, "HOST", host_info) != NGX_OK){
             return NGX_ERROR;
         }
+
+        return NGX_OK;
 }
 
 static ngx_int_t
@@ -361,11 +363,12 @@ ngx_http_auth_pam_authenticate(ngx_http_request_t *r,
   }
 
     if (alcf->set_pam_env) {
-        ngx_int_t err = add_request_info_to_pam_env(pamh, r);
-        ngx_log_error(NGX_LOG_CRIT, r->connection->log, 0,
-                      "PAM: Could not add request info to pam env: %s",
-                      pam_strerror(pamh, rc));
-        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+        if (add_request_info_to_pam_env(pamh, r) != NGX_OK){
+            ngx_log_error(NGX_LOG_CRIT, r->connection->log, 0,
+                        "PAM: Could not add request info to pam env: %s",
+                        pam_strerror(pamh, rc));
+            return NGX_HTTP_INTERNAL_SERVER_ERROR;
+        }
     }
 
     /* try to authenticate user, log error on failure */