summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2013-10-28 06:42:48 +0000
committerolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2013-10-28 06:42:48 +0000
commitc8c689a9a04ef1dc093bc798919a09b0642a13d7 (patch)
tree035f997ea84ea36ff829bb6a955ce9ad2a0caaa9
parent5b3fbe8147d790e69a835c3351a8069f669f9186 (diff)
downloadmod_auth_mellon-c8c689a9a04ef1dc093bc798919a09b0642a13d7.zip
mod_auth_mellon-c8c689a9a04ef1dc093bc798919a09b0642a13d7.tar.gz
mod_auth_mellon-c8c689a9a04ef1dc093bc798919a09b0642a13d7.tar.xz
Properly release sessions during logout.
In the case where the error "LASSO_PROFILE_ERROR_SESSION_NOT_FOUND" occurs during lasso_logout_validate_request(), we weren't releasing the session mutex, which will lead to a deadlock in the next request that needs to access a session. This patch makes sure we properly release session in that case. git-svn-id: https://modmellon.googlecode.com/svn/trunk@221 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r--auth_mellon_handler.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 2887ec9..e471bdc 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -654,7 +654,7 @@ static int am_handle_logout_request(request_rec *r,
LassoLogout *logout, char *msg)
{
gint res = 0, rc = HTTP_OK;
- am_cache_entry_t *session;
+ am_cache_entry_t *session = NULL;
am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
/* Process the logout message. Ignore missing signature. */
@@ -720,10 +720,11 @@ static int am_handle_logout_request(request_rec *r,
* caused by the IdP believing that we are logged in when we are not.
*/
- /* Delete the session. */
- if (session != NULL && res != LASSO_PROFILE_ERROR_SESSION_NOT_FOUND)
+ if (session != NULL && res != LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) {
+ /* We found a matching session -- delete it. */
am_delete_request_session(r, session);
-
+ session = NULL;
+ }
/* Create response message. */
res = lasso_logout_build_response_msg(logout);
@@ -738,6 +739,10 @@ static int am_handle_logout_request(request_rec *r,
rc = am_return_logout_response(r, &logout->parent);
exit:
+ if (session != NULL) {
+ am_release_request_session(r, session);
+ }
+
lasso_logout_destroy(logout);
return rc;
}