From: Magnus Hagander <magnus@hagander.net>
Date: Thu, 14 Jan 2016 12:06:03 +0000 (+0100)
Subject: Properly close token in sspi authentication
X-Git-Tag: REL9_4_6~22
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ab49f87d5cd4f70fdfe606449ebe1369aa6cbb61;p=postgresql

Properly close token in sspi authentication

We can never leak more than one token, but we shouldn't do that. We
don't bother closing it in the error paths since the process will
exit shortly anyway.

Christian Ullrich
---

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 60d8d8848d..334b1a8954 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1255,6 +1255,8 @@ pg_SSPI_recvauth(Port *port)
 				(errmsg_internal("could not get user token: error code %lu",
 								 GetLastError())));
 
+	CloseHandle(token);
+
 	if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize,
 						  domainname, &domainnamesize, &accountnameuse))
 		ereport(ERROR,