net-mail/zarafa/files/zarafa-fix-8842.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

Index: trunk/zcp/provider/libserver/ZarafaCmd.cpp
===================================================================
diff -u -N -r31009 -r31058
--- trunk/zcp/provider/libserver/ZarafaCmd.cpp	(.../ZarafaCmd.cpp)	(revision 31009)
+++ trunk/zcp/provider/libserver/ZarafaCmd.cpp	(.../ZarafaCmd.cpp)	(revision 31058)
@@ -824,13 +824,15 @@
 	ECRESULT	er = erSuccess;
 	ECSession 	*lpecSession = NULL;
 
-	er = g_lpSessionManager->ValidateSession(soap, ulSessionId, &lpecSession, false);
+	er = g_lpSessionManager->ValidateSession(soap, ulSessionId, &lpecSession, true);
 	if(er != erSuccess)
 		goto exit;
 
     if(lpecSession->GetAuthMethod() == ECSession::METHOD_USERPASSWORD || lpecSession->GetAuthMethod() == ECSession::METHOD_SSO)
         SaveLogonTime(lpecSession, false);
 
+	lpecSession->Unlock();
+
     // lpecSession is discarded. It is not locked, so we can do that. We only did the 'validatesession'
     // call to see if the session id existed in the first place, and the request is coming from the correct
     // IP address. Another logoff() call called at the same time may remove the session *here*, in which case the following call