Guard case in which FFI::Pointer gets to finalizer

Signed-off-by: Thomas Powell <powell@progress.com>

2 files changed, 10 insertions, 1 deletions

diff --git a/lib/chef/win32/handle.rb b/lib/chef/win32/handle.rb
index a677b4021e..08242375fe 100644
--- a/lib/chef/win32/handle.rb
+++ b/lib/chef/win32/handle.rb
@@ -42,7 +42,10 @@ class Chef
         # to close the pseudo handle returned by the GetCurrentProcess function.  The docs also say that it doesn't hurt to call
         # CloseHandle on it. However, doing so from inside of Ruby always seems to produce an invalid handle error.
         # The recommendation is to use GetCurrentProcess instead of the const (HANDLE)-1, to ensure we're making the correct comparison.
-        return if handle == GetCurrentProcess()
+
+        # Chef::ReservedNames::Win32::Security.logon_user() creates a token with a handle this is an FFI::Pointer
+        # and not a valid handle.
+        return if handle.is_a?(FFI::Pointer) || handle == GetCurrentProcess()
 
         unless CloseHandle(handle)
           Chef::ReservedNames::Win32::Error.raise!
diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb
index 3894c65b21..01d793b047 100644
--- a/lib/chef/win32/security.rb
+++ b/lib/chef/win32/security.rb
@@ -721,6 +721,12 @@ class Chef
         unless LogonUserW(username, domain, password, logon_type, logon_provider, token)
           Chef::ReservedNames::Win32::Error.raise!
         end
+
+        # Handle.new(_non handle value_) is not ideal because the finalizer for Handle
+        # was silently failing when comparing the parameter with the return from
+        # `GetCurrentProcess()`. In this case, the value is an FFI::Pointer, but the logic
+        # for Token.new works the same otherwise, so I'm leaving this as is and guarding against
+        # trying to treat an FFI::Pointer as a Win32 handle in the finalizer.
         Token.new(Handle.new(token.read_pointer))
       end