Fix User lifetime management in AuthorizationManager::acquireUserForSessionRefresh


    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 3.6.20, 4.0.21
    • Affects Version/s: None
    • Component/s: None
    • Fully Compatible
    • ALL
    • v3.6
    • Security 2020-08-24

      In 3.6 and 4.0, a User object may be leaked in AuthorizationManager::acquireUserForSessionRefresh if an error condition block is taken.

      The User object's ref count must be decremented in this error block.

      The affected code is only in 3.6 and 4.0. It was rewritten in 4.2.
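      A simplified model of the leak described above, added here as an illustration and not MongoDB's code: `User`, `UserCache`, `refreshLeaky` and `refreshFixed` are hypothetical names, and the error condition is a stand-in because the ticket does not show the real one.

```cpp
// Hypothetical stand-in for a manually ref-counted user object (not MongoDB's User class).
struct User {
    int refCount = 0;
    bool valid = true;
};

// Hypothetical cache with explicit acquire/release, modelling manual ref counting.
struct UserCache {
    User user;
    User* acquire() { ++user.refCount; return &user; }
    void release(User* u) { --u->refCount; }
};

// Leaky shape: the error block returns without dropping the reference it took.
bool refreshLeaky(UserCache& cache, User** out) {
    User* u = cache.acquire();
    if (!u->valid) {
        return false;          // reference taken above is never released
    }
    *out = u;                  // success: the caller now owns the reference
    return true;
}

// Fixed shape: the error block decrements the ref count before returning.
bool refreshFixed(UserCache& cache, User** out) {
    User* u = cache.acquire();
    if (!u->valid) {
        cache.release(u);      // balance the acquire on the error path
        return false;
    }
    *out = u;
    return true;
}

// Runs `attempts` failing refreshes and returns the ref count left behind.
int leakedRefs(bool (*refresh)(UserCache&, User**), int attempts) {
    UserCache cache;
    cache.user.valid = false;  // constructed input: force the error block
    User* out = nullptr;
    for (int i = 0; i < attempts; ++i) refresh(cache, &out);
    return cache.user.refCount;
}

int main() { return leakedRefs(refreshFixed, 3); }
```

      Each failed call through the leaky shape leaves one reference outstanding, so the object can never reach a ref count of zero and be reclaimed.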

            Assignee:
            Mark Benvenuto
            Reporter:
            Mark Benvenuto
            Votes:
            0
            Watchers:
            2
