Properly close token in sspi authentication

We can never leak more than one token, but we shouldn't do that. We don't bother closing it in the error paths since the process will exit shortly anyway. Christian Ullrich
author: Magnus Hagander <magnus@hagander.net> 2016-01-14 13:06:03 +0100
committer: Magnus Hagander <magnus@hagander.net> 2016-01-14 13:07:45 +0100
commit: 77d8edcf5443a7047b2dc792300255ec129228cf (patch)
tree: 7d7c2d187599d4e720b71677ba8a0b91f76ab193 /src
parent: b87403f7037c001f750d486cf00c4325ce2eb014 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 49cfe3bdc4a..c91320f4968 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1467,6 +1467,8 @@ pg_SSPI_recvauth(Port *port)
 				(errmsg_internal("could not get user token: error code %lu",
 								 GetLastError())));
 
+	CloseHandle(token);
+
 	if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize,
 						  domainname, &domainnamesize, &accountnameuse))
 		ereport(ERROR,
author	Magnus Hagander <magnus@hagander.net>	2016-01-14 13:06:03 +0100
committer	Magnus Hagander <magnus@hagander.net>	2016-01-14 13:07:45 +0100
commit	77d8edcf5443a7047b2dc792300255ec129228cf (patch)
tree	7d7c2d187599d4e720b71677ba8a0b91f76ab193 /src
parent	b87403f7037c001f750d486cf00c4325ce2eb014 (diff)