Properly close token in sspi authentication

We can never leak more than one token, but we shouldn't do that. We don't bother closing it in the error paths since the process will exit shortly anyway. Christian Ullrich
author: Magnus Hagander <magnus@hagander.net> 2016-01-14 13:06:03 +0100
committer: Magnus Hagander <magnus@hagander.net> 2016-01-14 13:07:55 +0100
commit: df0bd5a0f7e8893e1177f53b1ca126ffaf24160e (patch)
tree: 8fad510ca528dfbeb74b8a10daec2d1239370bd7
parent: be2b27651422a7d5426d29e5bf7d9a319afc1a77 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index d05330d28d2..bc3bd5f3278 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1464,6 +1464,8 @@ pg_SSPI_recvauth(Port *port)
 				(errmsg_internal("could not get user token: error code %lu",
 								 GetLastError())));
 
+	CloseHandle(token);
+
 	if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize,
 						  domainname, &domainnamesize, &accountnameuse))
 		ereport(ERROR,
author	Magnus Hagander <magnus@hagander.net>	2016-01-14 13:06:03 +0100
committer	Magnus Hagander <magnus@hagander.net>	2016-01-14 13:07:55 +0100
commit	df0bd5a0f7e8893e1177f53b1ca126ffaf24160e (patch)
tree	8fad510ca528dfbeb74b8a10daec2d1239370bd7
parent	be2b27651422a7d5426d29e5bf7d9a319afc1a77 (diff)