Properly close token in sspi authentication

We can never leak more than one token, but we shouldn't do that. We
don't bother closing it in the error paths since the process will
exit shortly anyway.

Christian Ullrich

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 0131bfdd91e6c516ab15dc57b718a5ca8d246fb9..57c2f4848b5b1bf583c89723832bdf815533f6c4 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1253,6 +1253,8 @@ pg_SSPI_recvauth(Port *port)
                (errmsg_internal("could not get user token: error code %lu",
                                 GetLastError())));
 
+   CloseHandle(token);
+
    if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize,
                          domainname, &domainnamesize, &accountnameuse))
        ereport(ERROR,