From c8c689a9a04ef1dc093bc798919a09b0642a13d7 Mon Sep 17 00:00:00 2001 From: olavmrk Date: Mon, 28 Oct 2013 06:42:48 +0000 Subject: Properly release sessions during logout. In the case where the error "LASSO_PROFILE_ERROR_SESSION_NOT_FOUND" occurs during lasso_logout_validate_request(), we weren't releasing the session mutex, which will lead to a deadlock in the next request that needs to access a session. This patch makes sure we properly release session in that case. git-svn-id: https://modmellon.googlecode.com/svn/trunk@221 a716ebb1-153a-0410-b759-cfb97c6a1b53 --- auth_mellon_handler.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index 2887ec9..e471bdc 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c @@ -654,7 +654,7 @@ static int am_handle_logout_request(request_rec *r, LassoLogout *logout, char *msg) { gint res = 0, rc = HTTP_OK; - am_cache_entry_t *session; + am_cache_entry_t *session = NULL; am_dir_cfg_rec *cfg = am_get_dir_cfg(r); /* Process the logout message. Ignore missing signature. */ @@ -720,10 +720,11 @@ static int am_handle_logout_request(request_rec *r, * caused by the IdP believing that we are logged in when we are not. */ - /* Delete the session. */ - if (session != NULL && res != LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) + if (session != NULL && res != LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) { + /* We found a matching session -- delete it. */ am_delete_request_session(r, session); - + session = NULL; + } /* Create response message. */ res = lasso_logout_build_response_msg(logout); @@ -738,6 +739,10 @@ static int am_handle_logout_request(request_rec *r, rc = am_return_logout_response(r, &logout->parent); exit: + if (session != NULL) { + am_release_request_session(r, session); + } + lasso_logout_destroy(logout); return rc; } -- cgit