Browse Source
SessionUser protection against nil pointer dereference (#21358)
`SessionUser` should be protected against passing `sess` = `nil` to avoid ``` PANIC: runtime error: invalid memory address or nil pointer dereference ``` in https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69 after upgrade from gitea v1.16 to v1.17. Related: https://github.com/go-gitea/gitea/pull/18452 Author-Change-Id: IB#1126459tags/v1.18.0-rc0
Paweł Bogusławski
1 year ago
1 changed files with 4 additions and 0 deletions
+ 4
- 0
services/auth/session.go
View File
| @@ -39,6 +39,10 @@ func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataSto | |||
| // SessionUser returns the user object corresponding to the "uid" session variable. | |||
| func SessionUser(sess SessionStore) *user_model.User { | |||
| if sess == nil { | |||
| return nil | |||
| } | |||
| // Get user ID | |||
| uid := sess.Get("uid") | |||
| if uid == nil { | |||
Loading…