Ensure ec2_win_password doesn't leak file handle

Currently the module doesn't explicitly close the file handle. This wraps the reading of the private key in a try/finally block to ensure the file is properly closed.
9 years ago · 61672e5c61
parent b92b30e3b3
commit 61672e5c61
1 changed files with 5 additions and 2 deletions
--- a/lib/ansible/modules/extras/cloud/amazon/ec2_win_password.py
+++ b/lib/ansible/modules/extras/cloud/amazon/ec2_win_password.py
@ -144,8 +144,11 @@ def main():
    if wait and datetime.datetime.now() >= end:
        module.fail_json(msg = "wait for password timeout after %d seconds" % wait_timeout)

-    f = open(key_file, 'r')
-    key = RSA.importKey(f.read(), key_passphrase)
+    try:
+        f = open(key_file, 'r')
+        key = RSA.importKey(f.read(), key_passphrase)
+    finally:
+        f.close()
    cipher = PKCS1_v1_5.new(key)
    sentinel = 'password decryption failed!!!'