From 7b7739358ddcf14e1e20908fc8c551193147fb9a Mon Sep 17 00:00:00 2001
From: evilsocket <evilsocket@gmail.com>
Date: Thu, 27 Sep 2018 15:25:35 +0200
Subject: [PATCH] fix: locking the session object when it's read by the api
 module (fixes #349)

---
 modules/api_rest_controller.go |  3 +++
 session/session.go             | 12 ++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/modules/api_rest_controller.go b/modules/api_rest_controller.go
index 181c954e..e50fe3a6 100644
--- a/modules/api_rest_controller.go
+++ b/modules/api_rest_controller.go
@@ -186,6 +186,9 @@ func (api *RestAPI) sessionRoute(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	session.I.Lock()
+	defer session.I.Unlock()
+
 	path := r.URL.String()
 	switch {
 	case path == "/api/session":
diff --git a/session/session.go b/session/session.go
index 38a33afa..5ac7ac0f 100644
--- a/session/session.go
+++ b/session/session.go
@@ -108,6 +108,18 @@ func New() (*Session, error) {
 	return s, nil
 }
 
+func (s *Session) Lock() {
+	s.Env.Lock()
+	s.Lan.Lock()
+	s.WiFi.Lock()
+}
+
+func (s *Session) Unlock() {
+	s.Env.Unlock()
+	s.Lan.Unlock()
+	s.WiFi.Unlock()
+}
+
 func (s *Session) Module(name string) (err error, mod Module) {
 	for _, m := range s.Modules {
 		if m.Name() == name {