Fix http2 use after free bug
In the below code, we move out of Response, then use it to set
unauthorized, which never gets returned to the user. This results in
the browser showing an empty 200 ok request, because while the request
was rejected, the 401 error code didn't get propagated to the
user.
Tested: If not logged in on a chrome browser:
/redfish/v1 -> Returns the UI
/redfish/v1/AccountService -> returns a forward to the webui login page.
If logged into the webui:
/redfish/v1/AccountService now returns the expected HTML redfish
representation of the json response.
Change-Id: I2c906f818367ebb253b3e6097e6787ba4c215e0a
Signed-off-by: Ed Tanous <ed@tanous.net>
diff --git a/http/http2_connection.hpp b/http/http2_connection.hpp
index 7e8224e..4b2d186 100644
--- a/http/http2_connection.hpp
+++ b/http/http2_connection.hpp
@@ -265,7 +265,7 @@
std::make_shared<bmcweb::AsyncResp>(std::move(it->second.res));
#ifndef BMCWEB_INSECURE_DISABLE_AUTHX
thisReq.session = crow::authentication::authenticate(
- {}, thisRes, thisReq.method(), thisReq.req, nullptr);
+ {}, asyncResp->res, thisReq.method(), thisReq.req, nullptr);
if (!crow::authentication::isOnAllowlist(thisReq.url().path(),
thisReq.method()) &&
thisReq.session == nullptr)
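Review bot: the change correctly stops passing the moved-from `thisRes` to `authenticate` (the `std::move(it->second.res)` on the line above is what leaves it in a moved-from state), but if the `thisRes` alias is still declared in this function it remains a trap for the next edit; consider deleting the alias (or scoping it before the move) so the compiler, or clang-tidy's `bugprone-use-after-move`, flags any remaining reader instead of silently handing out an empty response.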
@@ -274,7 +274,7 @@
forward_unauthorized::sendUnauthorized(
thisReq.url().encoded_path(),
thisReq.getHeaderValue("X-Requested-With"),
- thisReq.getHeaderValue("Accept"), thisRes);
+ thisReq.getHeaderValue("Accept"), asyncResp->res);
}
else
#endif // BMCWEB_INSECURE_DISABLE_AUTHX
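Review bot: with `sendUnauthorized` now writing into `asyncResp->res`, the 401 only reaches the client if the `AsyncResp` holding it is completed and flushed on this rejection path; since the unauthenticated branch does not dispatch the request further, please confirm the last `asyncResp` reference dropping here triggers the send, and add a regression test that an unauthenticated HTTP/2 request to `/redfish/v1/AccountService` yields 401 rather than an empty 200, so the Chrome-only manual test in the commit message is backed by CI.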