SessionUser protection against nil pointer dereference

`SessionUser` should be protected against passing `sess` = `nil` to avoid. ``` PANIC: runtime error: invalid memory address or nil pointer dereference ``` in https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69 after upgrade from gitea v1.16 to v1.17. Related: go-gitea#18452 Author-Change-Id: IB#1126459
ibpl · Oct 6, 2022 · adac68d · adac68d
1 parent cbebcc1
commit adac68d
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/services/auth/session.go b/services/auth/session.go
@@ -1,4 +1,4 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
+// Copyright 2022 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -30,6 +30,10 @@ func (s *Session) Name() string {
 // object for that uid.
 // Returns nil if there is no user uid stored in the session.
 func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
+	if sess == nil {
+		return nil
+	}
+
 	user := SessionUser(sess)
 	if user != nil {
 		return user