Properly close token in sspi authentication

We can never leak more than one token, but we shouldn't do that. We don't bother closing it in the error paths since the process will exit shortly anyway. Christian Ullrich
author: Magnus Hagander 2016-01-14 12:06:03 +0000
committer: Magnus Hagander 2016-01-14 12:08:10 +0000
commit: b1c0f92eb690388a0739bee2793f5ae8baf5d0bb (patch)
tree: 6ac549f3f61a74f26db376f324a6f1858c6e0053 /src/backend
parent: 5108013dbbfedb5e5af6a58cde5f074d895c46bf (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 22a1c1cb274..e70f4729aff 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1468,6 +1468,8 @@ pg_SSPI_recvauth(Port *port)
 				(errmsg_internal("could not get user token: error code %d",
 								 (int) GetLastError())));
 
+	CloseHandle(token);
+
 	if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize,
 						  domainname, &domainnamesize, &accountnameuse))
 		ereport(ERROR,
author	Magnus Hagander	2016-01-14 12:06:03 +0000
committer	Magnus Hagander	2016-01-14 12:08:10 +0000
commit	b1c0f92eb690388a0739bee2793f5ae8baf5d0bb (patch)
tree	6ac549f3f61a74f26db376f324a6f1858c6e0053 /src/backend
parent	5108013dbbfedb5e5af6a58cde5f074d895c46bf (diff)