Properly release sessions during logout.

In the case where the error "LASSO_PROFILE_ERROR_SESSION_NOT_FOUND"
occurs during lasso_logout_validate_request(), we weren't releasing
the session mutex, which will lead to a deadlock in the next request
that needs to access a session. This patch makes sure we properly
release session in that case.

git-svn-id: https://modmellon.googlecode.com/svn/trunk@221 a716ebb1-153a-0410-b759-cfb97c6a1b53

1 files changed, 9 insertions, 4 deletions

diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 2887ec9..e471bdc 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -654,7 +654,7 @@ static int am_handle_logout_request(request_rec *r,
                                     LassoLogout *logout, char *msg)
 {
     gint res = 0, rc = HTTP_OK;
-    am_cache_entry_t *session;
+    am_cache_entry_t *session = NULL;
     am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
 
     /* Process the logout message. Ignore missing signature. */
@@ -720,10 +720,11 @@ static int am_handle_logout_request(request_rec *r,
      * caused by the IdP believing that we are logged in when we are not.
      */
 
-    /* Delete the session. */
-    if (session != NULL && res != LASSO_PROFILE_ERROR_SESSION_NOT_FOUND)
+    if (session != NULL && res != LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) {
+        /* We found a matching session -- delete it. */
         am_delete_request_session(r, session);
-
+        session = NULL;
+    }
 
     /* Create response message. */
     res = lasso_logout_build_response_msg(logout);
@@ -738,6 +739,10 @@ static int am_handle_logout_request(request_rec *r,
     rc = am_return_logout_response(r, &logout->parent);
 
 exit:
+    if (session != NULL) {
+        am_release_request_session(r, session);
+    }
+
     lasso_logout_destroy(logout);
     return rc;
 }