Merge pull request #3922 from BurtonQin/bug-1-2-3-inconsistent-field-protection

cache, context, session: add lock to fix inconsistent field protection
2020-02-22 15:09:25 +08:00 · 2020-02-22 15:09:25 +08:00 · 8f3d1c5f42
commit 8f3d1c5f42
parent 2410b364af cfdd1cd5be
3 changed files with 7 additions and 0 deletions
--- a/cache/memory.go
+++ b/cache/memory.go
@ -218,9 +218,12 @@ func (bc *MemoryCache) vacuum() {
 	}
 	for {
 		<-time.After(bc.dur)
+		bc.RLock()
 		if bc.items == nil {
+			bc.RUnlock()
 			return
 		}
+		bc.RUnlock()
 		if keys := bc.expiredKeys(); len(keys) != 0 {
 			bc.clearItems(keys)
 		}
--- a/context/input.go
+++ b/context/input.go
@ -71,7 +71,9 @@ func (input *BeegoInput) Reset(ctx *Context) {
 	input.CruSession = nil
 	input.pnames = input.pnames[:0]
 	input.pvalues = input.pvalues[:0]
+	input.dataLock.Lock()
 	input.data = nil
+	input.dataLock.Unlock()
 	input.RequestBody = []byte{}
 }

--- a/session/sess_cookie.go
+++ b/session/sess_cookie.go
@ -74,7 +74,9 @@ func (st *CookieSessionStore) SessionID() string {

 // SessionRelease Write cookie session to http response cookie
 func (st *CookieSessionStore) SessionRelease(w http.ResponseWriter) {
+	st.lock.Lock()
 	encodedCookie, err := encodeCookie(cookiepder.block, cookiepder.config.SecurityKey, cookiepder.config.SecurityName, st.values)
+	st.lock.Unlock()
 	if err == nil {
 		cookie := &http.Cookie{Name: cookiepder.config.CookieName,
 			Value:    url.QueryEscape(encodedCookie),