From e56d4313bdb86cc97e5dd2103978aceaee92bd8e Mon Sep 17 00:00:00 2001
From: Gerardo Ganis <Gerardo.Ganis@cern.ch>
Date: Tue, 10 Oct 2017 11:39:40 +0200
Subject: [PATCH] secgsi: fix possible segfault in cache checking (#595)

A check on the entry validity was misplaced.
Should fix issue #595 .
---
 src/XrdSecgsi/XrdSecProtocolgsi.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/XrdSecgsi/XrdSecProtocolgsi.cc b/src/XrdSecgsi/XrdSecProtocolgsi.cc
index a4ac93ffcb4..7b3ebedb9bd 100644
--- a/src/XrdSecgsi/XrdSecProtocolgsi.cc
+++ b/src/XrdSecgsi/XrdSecProtocolgsi.cc
@@ -1550,14 +1550,14 @@ static bool AuthzFunCheck(XrdSutCacheEntry *e, void *a) {
    long to_ref = (*((XrdSutCacheArg_t *)a)).arg3;
    int st_exp = (*((XrdSutCacheArg_t *)a)).arg4;
 
-   if (e) {
+   if (e && (e->status == st_ref)) {
       // Check expiration, if required
       bool expired = 0;
       if (to_ref > 0 && (ts_ref - e->mtime) > to_ref) expired = 1;
       int notafter = *((int *) e->buf2.buf);
       if (to_ref > notafter) expired = 1;
 
-      if (expired || (e->status != st_ref)) {
+      if (expired) {
          // Invalidate the entry, if the case
          e->status = st_exp;
       } else {