diff options
author | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2013-10-28 06:42:48 +0000 |
---|---|---|
committer | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2013-10-28 06:42:48 +0000 |
commit | c8c689a9a04ef1dc093bc798919a09b0642a13d7 (patch) | |
tree | 035f997ea84ea36ff829bb6a955ce9ad2a0caaa9 | |
parent | 5b3fbe8147d790e69a835c3351a8069f669f9186 (diff) | |
download | mod_auth_mellon-c8c689a9a04ef1dc093bc798919a09b0642a13d7.tar.gz mod_auth_mellon-c8c689a9a04ef1dc093bc798919a09b0642a13d7.tar.xz mod_auth_mellon-c8c689a9a04ef1dc093bc798919a09b0642a13d7.zip |
Properly release sessions during logout.
In the case where the error "LASSO_PROFILE_ERROR_SESSION_NOT_FOUND"
occurs during lasso_logout_validate_request(), we weren't releasing
the session mutex, which will lead to a deadlock in the next request
that needs to access a session. This patch makes sure we properly
release session in that case.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@221 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r-- | auth_mellon_handler.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index 2887ec9..e471bdc 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c @@ -654,7 +654,7 @@ static int am_handle_logout_request(request_rec *r, LassoLogout *logout, char *msg) { gint res = 0, rc = HTTP_OK; - am_cache_entry_t *session; + am_cache_entry_t *session = NULL; am_dir_cfg_rec *cfg = am_get_dir_cfg(r); /* Process the logout message. Ignore missing signature. */ @@ -720,10 +720,11 @@ static int am_handle_logout_request(request_rec *r, * caused by the IdP believing that we are logged in when we are not. */ - /* Delete the session. */ - if (session != NULL && res != LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) + if (session != NULL && res != LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) { + /* We found a matching session -- delete it. */ am_delete_request_session(r, session); - + session = NULL; + } /* Create response message. */ res = lasso_logout_build_response_msg(logout); @@ -738,6 +739,10 @@ static int am_handle_logout_request(request_rec *r, rc = am_return_logout_response(r, &logout->parent); exit: + if (session != NULL) { + am_release_request_session(r, session); + } + lasso_logout_destroy(logout); return rc; } |