Properly close token in sspi authentication

We can never leak more than one token, but we shouldn't do that. We
don't bother closing it in the error paths since the process will
exit shortly anyway.

Christian Ullrich

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 22a1c1cb27492f2e3e724de4779d80fe682c4357..e70f4729afff31d48d59537d506b88cb9aea31a9 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1468,6 +1468,8 @@ pg_SSPI_recvauth(Port *port)
                                (errmsg_internal("could not get user token: error code %d",
                                                                 (int) GetLastError())));
 
+       CloseHandle(token);
+
        if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize,
                                                  domainname, &domainnamesize, &accountnameuse))
                ereport(ERROR,