Fix leak of process_token.

The calls to GetCurrentProcessToken() return a process token handle
that must be closed. This function is implemented in the same file,
and calls OpenProcessToken(). Win8 and later OSes have a function
of the same name ::GetCurrentProcessToken() which returns a
psuedo-handle that does not need to be closed.

The # Enter a description of the change.
Fix handle leaks of the process_token.

Bug: 1126279
Change-Id: Idbeaa92a173409a7b7152c04dcc67c917e8c306e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2402081
Commit-Queue: Joe Laughlin <joel@microsoft.com>
Commit-Queue: Nico Weber <thakis@chromium.org>
Reviewed-by: Bruce Dawson <brucedawson@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#810385}

base/process/process_info_win.cc

@@ -17,35 +17,34 @@ namespace base {
 
 namespace {
 
-HANDLE GetCurrentProcessToken() {
-  HANDLE process_token;
+base::win::ScopedHandle CreateCurrentProcessToken() {
+  // OpenProcessToken can fail due to permission or allocation failures
+  // for the kernel object. Return nullptr in those cases.
+  HANDLE process_token = nullptr;
   OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &process_token);
-  DCHECK(process_token != NULL && process_token != INVALID_HANDLE_VALUE);
-  return process_token;
+  return base::win::ScopedHandle(process_token);
 }
 
 }  // namespace
 
 IntegrityLevel GetCurrentProcessIntegrityLevel() {
-  HANDLE process_token(GetCurrentProcessToken());
+  base::win::ScopedHandle scoped_process_token(CreateCurrentProcessToken());
 
   DWORD token_info_length = 0;
-  if (::GetTokenInformation(process_token, TokenIntegrityLevel, nullptr, 0,
-                            &token_info_length) ||
+  if (::GetTokenInformation(scoped_process_token.Get(), TokenIntegrityLevel,
+                            nullptr, 0, &token_info_length) ||
       ::GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
-    NOTREACHED();
     return INTEGRITY_UNKNOWN;
   }
 
   auto token_label_bytes = std::make_unique<char[]>(token_info_length);
   TOKEN_MANDATORY_LABEL* token_label =
       reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_label_bytes.get());
-  if (!::GetTokenInformation(process_token, TokenIntegrityLevel, token_label,
-                             token_info_length, &token_info_length)) {
-    NOTREACHED();
+  if (!::GetTokenInformation(scoped_process_token.Get(), TokenIntegrityLevel,
+                             token_label, token_info_length,
+                             &token_info_length)) {
     return INTEGRITY_UNKNOWN;
   }
-
   DWORD integrity_level = *::GetSidSubAuthority(
       token_label->Label.Sid,
       static_cast<DWORD>(*::GetSidSubAuthorityCount(token_label->Label.Sid) -
@@ -70,14 +69,14 @@ IntegrityLevel GetCurrentProcessIntegrityLevel() {
 }
 
 bool IsCurrentProcessElevated() {
-  HANDLE process_token(GetCurrentProcessToken());
+  base::win::ScopedHandle scoped_process_token(CreateCurrentProcessToken());
 
   // Unlike TOKEN_ELEVATION_TYPE which returns TokenElevationTypeDefault when
   // UAC is turned off, TOKEN_ELEVATION returns whether the process is elevated.
   DWORD size;
   TOKEN_ELEVATION elevation;
-  if (!GetTokenInformation(process_token, TokenElevation, &elevation,
-                           sizeof(elevation), &size)) {
+  if (!GetTokenInformation(scoped_process_token.Get(), TokenElevation,
+                           &elevation, sizeof(elevation), &size)) {
     PLOG(ERROR) << "GetTokenInformation() failed";
     return false;
   }