
Commit 464ca6f

authored
add check for server session RPC requests (#16638)
1 parent acbf2f2 commit 464ca6f


1 file changed

+3
-5
lines changed

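--- a/src/cpp/server/session/ServerSessionRpc.cpp
+++ b/src/cpp/server/session/ServerSessionRpc.cpp
@@ -117,12 +117,8 @@ void validationHandler(
 {
 std::string username;
 
-// validate that the secret matches what we expect
-std::string secret =
-pConnection->request().headerValue(kServerRpcSecretHeader);
-
 // if there is no secret, check for a message signature instead
-if (secret.empty())
+if (!pConnection->request().containsHeader(kServerRpcSecretHeader))
 {
 if (!validateSecureCookie(pConnection, &username, fallbackAllowed))
 {
@@ -134,6 +130,8 @@ void validationHandler(
 else
 {
 // used for traditional unix socket mode
+// validate that the secret matches what we expect
+std::string secret = pConnection->request().headerValue(kServerRpcSecretHeader);
 if (secret != s_sessionSharedSecret)
 {
 if (!fallbackAllowed)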
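Review bot: The comparison `if (secret != s_sessionSharedSecret)` at new line 135 now also runs when the header is present but empty, so if `s_sessionSharedSecret` can ever be empty (its initialisation is not visible here) an empty header value would compare equal and be accepted. Before this change an empty value was routed to `validateSecureCookie` instead. Consider failing closed with `if (s_sessionSharedSecret.empty() || secret != s_sessionSharedSecret)`, and, since this guards a shared secret, a constant-time comparison rather than `std::string`'s `operator!=`. validationHandler's body starts and ends outside both hunks, so what happens after a mismatch when `fallbackAllowed` is true cannot be checked from here.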
