# HG changeset patch # User tmolitor # Date 1493060216 -7200 # Node ID d96831e46b64237561109314ad632ba9747ffe3b # Parent c971b2cee2cc82f6c3f498350ec6f4b2b1e28f15 Fix #889 Some buggy clients try to resume unauthenticated sessions and session.username is nil in this case (that caused the bug). diff -r c971b2cee2cc -r d96831e46b64 mod_smacks/mod_smacks.lua --- a/mod_smacks/mod_smacks.lua Fri Apr 07 23:34:40 2017 +0200 +++ b/mod_smacks/mod_smacks.lua Mon Apr 24 20:56:56 2017 +0200 @@ -49,8 +49,16 @@ if not cache then local store = {}; return { - get = function(user, key) return store[key]; end; - set = function(user, key, value) store[key] = value; end; + get = function(user, key) + if not user then return nil; end + if not key then return nil; end + return store[key]; + end; + set = function(user, key, value) + if not user then return nil; end + if not key then return nil; end + store[key] = value; + end; }; end @@ -58,12 +66,16 @@ local stores = {}; return { get = function(user, key) + if not user then return nil; end + if not key then return nil; end if not stores[user] then stores[user] = cache.new(max_entries, evict_callback); end return stores[user]:get(key); end; set = function(user, key, value) + if not user then return nil; end + if not key then return nil; end if not stores[user] then stores[user] = cache.new(max_entries, evict_callback); end stores[user]:set(key, value); -- remove empty caches completely @@ -73,7 +85,7 @@ end local old_session_registry = init_session_cache(max_old_sessions, nil); local session_registry = init_session_cache(max_hibernated_sessions, function(resumption_token, session) - if session.destroyed then return; end + if session.destroyed then return true; end -- destroyed session can always be removed from cache session.log("warn", "User has too much hibernated sessions, removing oldest session (token: %s)", resumption_token); -- store old session's h values on force delete -- save only actual h value and username/host (for security)