Skip to content

Commit

Permalink
SessionUser protection against nil pointer dereference (#21581)
Browse files Browse the repository at this point in the history 
Backport #21358 

`SessionUser` should be protected against passing `sess` = `nil` to
avoid

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in


https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: #18452
  • Loading branch information
@pboguslawski
pboguslawski authored Oct 24, 2022
1 parent 0571ddc commit d5856fe
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions services/auth/session.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,10 @@ func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataSto

// SessionUser returns the user object corresponding to the "uid" session variable.
func SessionUser(sess SessionStore) *user_model.User {
if sess == nil {
return nil
}

// Get user ID
uid := sess.Get("uid")
if uid == nil {
Expand Down

0 comments on commit d5856fe

Please sign in to comment.