Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SessionUser protection against nil pointer dereference #21358

Merged
merged 2 commits into from
Oct 6, 2022
Merged

SessionUser protection against nil pointer dereference #21358

merged 2 commits into from
Oct 6, 2022

Conversation

pboguslawski
Copy link
Contributor

SessionUser should be protected against passing sess = nil to avoid

PANIC: runtime error: invalid memory address or nil pointer dereference

in

https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: #18452
Author-Change-Id: IB#1126459

@pboguslawski
SessionUser protection against nil pointer dereference
9472be9 
`SessionUser` should be protected against passing `sess` = `nil` to avoid

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in

https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: go-gitea#18452
Author-Change-Id: IB#1126459
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Oct 6, 2022
@Gusted Gusted added this to the 1.18.0 milestone Oct 6, 2022
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Oct 6, 2022
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Oct 6, 2022
@zeripath zeripath merged commit 2d3b52c into go-gitea:main Oct 6, 2022
zjjhot added a commit to zjjhot/gitea that referenced this pull request Oct 8, 2022
@zjjhot
Merge remote-tracking branch 'upstream/main'
9b78b24 
* upstream/main: (34 commits)
  Fix formatted link for PR review notifications to matrix (go-gitea#21319)
  Show private data in feeds (go-gitea#21369)
  Add nicer error handling on template compile errors (go-gitea#21350)
  Fix some typos and update db transaction demo in backend guideline (go-gitea#21322)
  Refactor parseTreeEntries, speed up tree list (go-gitea#21368)
  Add GET and DELETE endpoints for Docker blob uploads (go-gitea#21367)
  Make external issue tracker regexp configurable via API (go-gitea#21338)
  Add new CSS variables --color-accent and --color-small-accent (go-gitea#21305)
  Set SemverCompatible to false for Conan packages (go-gitea#21275)
  Parse OAuth Authorization header when request omits client secret (go-gitea#21351)
  Disable Firefox E2E tests (go-gitea#21363)
  Add redirect of /upgrade/ to /upgrade-from-gitea/ on docs site (go-gitea#21330)
  Update to go-enry v2.8.3 (go-gitea#21360)
  Update go to 1.19 (go-gitea#21361)
  SessionUser protection against nil pointer dereference (go-gitea#21358)
  Fix and improve incorrect error messages (go-gitea#21342)
  Fix default theme-auto selector when nologin (go-gitea#21346)
  Add `stat` to `ToCommit` function for speed (go-gitea#21337)
  Fix typo in API comment document (go-gitea#21347)
  Update comment about repository.DISABLED_REPO_UNITS in app.example.ini (go-gitea#21343)
  ...
@lunny
Copy link
Member

lunny commented Oct 24, 2022

Please send backport

pboguslawski added a commit to ibpl/gitea that referenced this pull request Oct 24, 2022
@pboguslawski
Verification moved to correct method
09628bb 
Fixes: adac68d
Related: go-gitea#21358
Related: go-gitea#18452
Author-Change-Id: IB#1126459
@pboguslawski pboguslawski mentioned this pull request Oct 24, 2022
Merged
@pboguslawski
Copy link
Contributor Author

PR with backport: #21358

zeripath pushed a commit that referenced this pull request Oct 24, 2022
@pboguslawski
SessionUser protection against nil pointer dereference (#21581)
d5856fe 
Backport #21358 

`SessionUser` should be protected against passing `sess` = `nil` to
avoid

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in


https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: #18452
@zeripath zeripath added the backport/done All backports for this PR have been created label Oct 24, 2022
@pboguslawski pboguslawski deleted the main-IB#1126459 branch October 28, 2022 09:55
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@techknowlogick techknowlogick techknowlogick left review comments

@delvh delvh delvh approved these changes

@Gusted Gusted Gusted approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Milestone
1.18.0
Development

Successfully merging this pull request may close these issues.
7 participants
@pboguslawski @lunny @techknowlogick @Gusted @delvh @zeripath @GiteaBot