From 9472be9e0640bcf0e6a08b4a018d6d328800d1f9 Mon Sep 17 00:00:00 2001
From: Pawel Boguslawski <pawel.boguslawski@ib.pl>
Date: Thu, 6 Oct 2022 14:42:42 +0200
Subject: [PATCH] SessionUser protection against nil pointer dereference

`SessionUser` should be protected against passing `sess` = `nil` to avoid

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in

https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: https://github.com/go-gitea/gitea/pull/18452
Author-Change-Id: IB#1126459
---
 services/auth/session.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/services/auth/session.go b/services/auth/session.go
index 6a23a176651ff..b1986944bb1de 100644
--- a/services/auth/session.go
+++ b/services/auth/session.go
@@ -1,4 +1,4 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
+// Copyright 2022 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -39,6 +39,10 @@ func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataSto
 
 // SessionUser returns the user object corresponding to the "uid" session variable.
 func SessionUser(sess SessionStore) *user_model.User {
+	if sess == nil {
+		return nil
+	}
+
 	// Get user ID
 	uid := sess.Get("uid")
 	if uid == nil {