From 61672e5c617ca461e564a0c612d08b86beaa9c27 Mon Sep 17 00:00:00 2001
From: Joel Thompson <joel@jthompson.io>
Date: Sun, 27 Dec 2015 16:35:33 -0500
Subject: [PATCH] Ensure ec2_win_password doesn't leak file handle

Currently the module doesn't explicitly close the file handle. This
wraps the reading of the private key in a try/finally block to ensure
the file is properly closed.
---
 .../modules/extras/cloud/amazon/ec2_win_password.py        | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/ansible/modules/extras/cloud/amazon/ec2_win_password.py b/lib/ansible/modules/extras/cloud/amazon/ec2_win_password.py
index f3a687c237..30fbcc08a0 100644
--- a/lib/ansible/modules/extras/cloud/amazon/ec2_win_password.py
+++ b/lib/ansible/modules/extras/cloud/amazon/ec2_win_password.py
@@ -144,8 +144,11 @@ def main():
     if wait and datetime.datetime.now() >= end:
         module.fail_json(msg = "wait for password timeout after %d seconds" % wait_timeout)
 
-    f = open(key_file, 'r')
-    key = RSA.importKey(f.read(), key_passphrase)
+    try:
+        f = open(key_file, 'r')
+        key = RSA.importKey(f.read(), key_passphrase)
+    finally:
+        f.close()
     cipher = PKCS1_v1_5.new(key)
     sentinel = 'password decryption failed!!!'