Fix segmentation fault when deleting the sessions

Fix the segmentation fault caused by deleting the sessions via Redfish. Do not compare the username when deleting the sessions with no-auth. Tested: Delete the session via Redfish and bmcweb not crashed Signed-off-by: wukaihua-fii-na <eason.kh.wu@fii-na.com> Change-Id: I7f5268e7243a22ba5010ba5b8b4c82f19b8b4f20
author: wukaihua-fii-na <eason.kh.wu@fii-na.com> 2022-05-18 04:19:16 +0300
committer: Ed Tanous <ed@tanous.net> 2022-05-24 17:06:52 +0300
commit: 0fd2986567e6e5328942e126b2c7ed28ab12de83 (patch)
tree: 68b8d014ecca24bd7d20b3d96ac74b6498af4a85
parent: 244256cc493c6c258ce3784b5128cab85ce56c6d (diff)
download: bmcweb-0fd2986567e6e5328942e126b2c7ed28ab12de83.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index 58499a5988..89008c92b9 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp
@@ -89,7 +89,8 @@ inline void
     // then the ConfigureSelf privilege does not apply.  In that
     // case, perform the authority check again without the user's
     // ConfigureSelf privilege.
-    if (session->username != req.session->username)
+    if (req.session != nullptr && !session->username.empty() &&
+        session->username != req.session->username)
     {
         Privileges effectiveUserPrivileges =
             redfish::getUserPrivileges(req.userRole);
author	wukaihua-fii-na <eason.kh.wu@fii-na.com>	2022-05-18 04:19:16 +0300
committer	Ed Tanous <ed@tanous.net>	2022-05-24 17:06:52 +0300
commit	0fd2986567e6e5328942e126b2c7ed28ab12de83 (patch)
tree	68b8d014ecca24bd7d20b3d96ac74b6498af4a85
parent	244256cc493c6c258ce3784b5128cab85ce56c6d (diff)
download	bmcweb-0fd2986567e6e5328942e126b2c7ed28ab12de83.tar.xz