Skip to content

Web admin high-level actions leak the process token handle

Summary

The WebServer high-level shutdown/reboot action opens the process token but does not close it. Repeated attempts leak kernel handles.

This is a small fix, but it remains Beta 0.7.3-blocking because it is a clear Win32 handle lifetime bug on a web-triggered control path.

Evidence

  • srchybrid/EmuleDlg.cpp:3959 calls OpenProcessToken.
  • No CloseHandle(hToken) is present on the success path before the action returns.

Execution Plan

  1. Revalidate the current WEBGUIIA_WINFUNC success and failure paths.
  2. Add narrow handle cleanup on every successful OpenProcessToken path.
  3. Prefer a tiny local RAII guard if it fits the existing file style; otherwise close explicitly in all exits.
  4. Preserve existing privilege adjustment, access checks, and logging behavior.
  5. Add a targeted smoke or code-level test if a seam exists.

Acceptance Criteria

  • Every successful OpenProcessToken is matched by CloseHandle.
  • Repeated web admin action attempts do not increase process handle count.
  • Existing access-denied and failure behavior is unchanged.

Validation

  • 2026-05-08: Done in app commit 1513358.
  • python -m emule_workspace validate --workspace-root .
  • python -m emule_workspace build app --workspace-root . --config Release --platform x64 --variant main
  • Code validation: the WEBGUIIA_WINFUNC path now wraps the process token in a local RAII guard, so every successful OpenProcessToken is matched by CloseHandle on normal and exception paths.