author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2022-07-29 19:59:07 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2022-08-02 00:25:28 +0300 |
commit | 85e6471b5e526c2f752623a01c14c09c7cf8c9cd (patch) | |
tree | 74b1c2c05219ac9b22959d45b9267b2ef717b08c | |
parent | 02e53aef7743fcd9e3c9c3f28c9cf0af09277415 (diff) | |
download | bmcweb-85e6471b5e526c2f752623a01c14c09c7cf8c9cd.tar.xz |

redfish session: fix null ptr dereference

The session post handler creates a session object locally before setting
the reference in the request object. When the user's password has
expired, don't look for session information (like the username) via the
request object reference.

Tested: Prior to this change, posting to the Session collection will
cause bmcweb to crash when the user's password is expired. With this
change applied, the user is logged in with the correct configure self
role and Base.1.11.0.PasswordChangeRequired is returned in the response.
The user can subsequently change their password using the session.

Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I3014181af71f75e65f6640efe47064d7adc1e9e9

-rw-r--r-- | redfish-core/lib/redfish_sessions.hpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp index af01e05af7..84657d41eb 100644 --- a/redfish-core/lib/redfish_sessions.hpp +++ b/redfish-core/lib/redfish_sessions.hpp @@ -230,7 +230,7 @@ inline void handleSessionCollectionPost( messages::passwordChangeRequired( asyncResp->res, crow::utility::urlFromPieces("redfish", "v1", "AccountService", - "Accounts", req.session->username)); + "Accounts", session->username)); } fillSessionObject(asyncResp->res, *session); |
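
Review bot: the `session->username` argument in the `passwordChangeRequired` call has no comment explaining why the local `session` is used rather than `req.session`, so a later cleanup could easily reintroduce the null dereference. A one-line comment at that argument, noting that `req.session` is not yet set at this point in `handleSessionCollectionPost` (as the commit message says), would guard against that. The local pointer is also dereferenced twice in the visible lines, at `session->username` and at `fillSessionObject(asyncResp->res, *session);`, with no null check in the context shown; please confirm the result of session creation is checked earlier in the function. The diffstat lists only `redfish_sessions.hpp`, so the expired-password POST path described under "Tested" was verified by hand and has no automated regression test; consider adding one for it.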