Close handle leak in SSPI auth

Started by Christian Ullrich about 10 years ago, 2 messages
#1 Christian Ullrich
chris@chrullrich.net
1 attachment(s)

Hello,

here's a one-line patch to close a handle leak in pg_SSPI_recvauth().

According to the docs, the token retrieved with
QuerySecurityContextToken() must be closed.

--
Christian

Attachments:

sspi_close_handle.patch (text/plain; charset=UTF-8)
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
new file mode 100644
index 0131bfd..57c2f48
*** a/src/backend/libpq/auth.c
--- b/src/backend/libpq/auth.c
*************** pg_SSPI_recvauth(Port *port)
*** 1253,1258 ****
--- 1253,1260 ----
  				(errmsg_internal("could not get user token: error code %lu",
  								 GetLastError())));
  
+ 	CloseHandle(token);
+ 
  	if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize,
  						  domainname, &domainnamesize, &accountnameuse))
  		ereport(ERROR,
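Review bot: CloseHandle(token) is placed after the ereport(ERROR, ...) for "could not get user token" at the top of this hunk, so the handle stays open whenever that check fails, because ereport(ERROR) does not return to reach the new line. Either close the token inside that failure branch before raising the error, or add a short comment above CloseHandle(token) stating that the leak on the hard-error paths is accepted and why. The same applies to the LookupAccountSid() failure path only in reverse: it is covered here because the close now happens before that call, which is worth keeping if the code is reordered later.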
#2 Magnus Hagander
magnus@hagander.net
In reply to: Christian Ullrich (#1)
Re: Close handle leak in SSPI auth

On Sun, Jan 10, 2016 at 8:58 PM, Christian Ullrich <chris@chrullrich.net>
wrote:

> Hello,
>
> here's a one-line patch to close a handle leak in pg_SSPI_recvauth().
>
> According to the docs, the token retrieved with
> QuerySecurityContextToken() must be closed.

We still leak it in a number of the error paths in this case, but I don't
think we need to care about those -- since they are hard errors, the
process exits shortly thereafter anyway.

Applied and backpatched, thanks.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/