Properly close token in sspi authentication

mhagander · mhagander · commit 77d8edcf5443 · 2016-01-14T13:07:45.000+01:00
We can never leak more than one token, but we shouldn't do that. We
don't bother closing it in the error paths since the process will
exit shortly anyway.

Christian Ullrich
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
@@ -1467,6 +1467,8 @@ pg_SSPI_recvauth(Port *port)
 				(errmsg_internal("could not get user token: error code %lu",
 								 GetLastError())));
 
+	CloseHandle(token);
+
 	if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize,
 						  domainname, &domainnamesize, &accountnameuse))
 		ereport(ERROR,
