core
/
gitea
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SessionUser protection against nil pointer dereference (#21358) 

`SessionUser` should be protected against passing `sess` = `nil` to
avoid

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in


https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: https://github.com/go-gitea/gitea/pull/18452
Author-Change-Id: IB#1126459
This commit is contained in:
Paweł Bogusławski 2022-10-06 22:50:38 +02:00 committed by GitHub
parent b001812df4
commit 2d3b52c244
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
services/auth/session.go
View File

@ -39,6 +39,10 @@ func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataSto
// SessionUser returns the user object corresponding to the "uid" session variable. // SessionUser returns the user object corresponding to the "uid" session variable.
func SessionUser(sess SessionStore) *user_model.User { func SessionUser(sess SessionStore) *user_model.User {
if sess == nil {
return nil
}
// Get user ID // Get user ID
uid := sess.Get("uid") uid := sess.Get("uid")
if uid == nil { if uid == nil {