redfish session: fix null ptr dereference The session post handler creates a session object locally before setting the reference in the request object. When the user's password has expired, don't look for session information (like the username) via the request object reference. Tested: Prior to this change, posting to the Session collection will cause bmcweb to crash when the user's password is expired. With this change applied, the user is logged in with the correct configure self role and Base.1.11.0.PasswordChangeRequired is returned in the response. The user can subsequently change their password using the session. Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com> Change-Id: I3014181af71f75e65f6640efe47064d7adc1e9e9

commit: 85e6471b5e526c2f752623a01c14c09c7cf8c9cd [log] [tgz]
author: Brad Bishop <bradleyb@fuzziesquirrel.com> Fri Jul 29 12:59:07 2022 -0400
committer: Ed Tanous <ed@tanous.net> Mon Aug 01 21:25:28 2022 +0000
tree: 74b1c2c05219ac9b22959d45b9267b2ef717b08c
parent: 02e53aef7743fcd9e3c9c3f28c9cf0af09277415 [diff]
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index af01e05..84657d4 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp

@@ -230,7 +230,7 @@
         messages::passwordChangeRequired(
             asyncResp->res,
             crow::utility::urlFromPieces("redfish", "v1", "AccountService",
-                                         "Accounts", req.session->username));
+                                         "Accounts", session->username));
     }
 
     fillSessionObject(asyncResp->res, *session);
commit	85e6471b5e526c2f752623a01c14c09c7cf8c9cd	[log] [tgz]
author	Brad Bishop <bradleyb@fuzziesquirrel.com>	Fri Jul 29 12:59:07 2022 -0400
committer	Ed Tanous <ed@tanous.net>	Mon Aug 01 21:25:28 2022 +0000
tree	74b1c2c05219ac9b22959d45b9267b2ef717b08c
parent	02e53aef7743fcd9e3c9c3f28c9cf0af09277415 [diff]