diff options
author | wukaihua-fii-na <eason.kh.wu@fii-na.com> | 2022-05-18 04:19:16 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2022-05-24 17:06:52 +0300 |
commit | 0fd2986567e6e5328942e126b2c7ed28ab12de83 (patch) | |
tree | 68b8d014ecca24bd7d20b3d96ac74b6498af4a85 | |
parent | 244256cc493c6c258ce3784b5128cab85ce56c6d (diff) | |
download | bmcweb-0fd2986567e6e5328942e126b2c7ed28ab12de83.tar.xz |
Fix segmentation fault when deleting the sessions
Fix the segmentation fault caused by deleting the sessions via Redfish.
Do not compare the username when deleting the sessions with no-auth.
Tested: Delete the session via Redfish and bmcweb not crashed
Signed-off-by: wukaihua-fii-na <eason.kh.wu@fii-na.com>
Change-Id: I7f5268e7243a22ba5010ba5b8b4c82f19b8b4f20
-rw-r--r-- | redfish-core/lib/redfish_sessions.hpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp index 58499a5988..89008c92b9 100644 --- a/redfish-core/lib/redfish_sessions.hpp +++ b/redfish-core/lib/redfish_sessions.hpp @@ -89,7 +89,8 @@ inline void // then the ConfigureSelf privilege does not apply. In that // case, perform the authority check again without the user's // ConfigureSelf privilege. - if (session->username != req.session->username) + if (req.session != nullptr && !session->username.empty() && + session->username != req.session->username) { Privileges effectiveUserPrivileges = redfish::getUserPrivileges(req.userRole); |