Skip to content

Commit

Permalink
SessionUser protection against nil pointer dereference
Browse files Browse the repository at this point in the history
`SessionUser` should be protected against passing `sess` = `nil` to avoid.

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in

https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: go-gitea#18452
Author-Change-Id: IB#1126459
  • Loading branch information
pboguslawski committed Oct 6, 2022
1 parent cbebcc1 commit adac68d
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion services/auth/session.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Copyright 2022 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

Expand Down Expand Up @@ -30,6 +30,10 @@ func (s *Session) Name() string {
// object for that uid.
// Returns nil if there is no user uid stored in the session.
func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
if sess == nil {
return nil
}

user := SessionUser(sess)
if user != nil {
return user
Expand Down

0 comments on commit adac68d

Please sign in to comment.