From: Magnus Hagander Date: Thu, 14 Jan 2016 12:06:03 +0000 (+0100) Subject: Properly close token in sspi authentication X-Git-Tag: REL9_6_BETA1~858 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6a61d1ff9dce7406c0affdc013da27ed4252ba29;p=postgresql Properly close token in sspi authentication We can never leak more than one token, but we shouldn't do that. We don't bother closing it in the error paths since the process will exit shortly anyway. Christian Ullrich --- diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 0131bfdd91..57c2f4848b 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -1253,6 +1253,8 @@ pg_SSPI_recvauth(Port *port) (errmsg_internal("could not get user token: error code %lu", GetLastError()))); + CloseHandle(token); + if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize, domainname, &domainnamesize, &accountnameuse)) ereport(ERROR,