]> git.proxmox.com Git - pve-access-control.git/commitdiff
projects / pve-access-control.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f03307b)
ticket: properly verify exactly 5min old tickets
authorFabian Grünbichler <f.gruenbichler@proxmox.com>
Mon, 8 Jul 2019 12:36:46 +0000 (14:36 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Mon, 8 Jul 2019 16:52:34 +0000 (18:52 +0200)
to fix an issue where valid tickets could be rejected 5 minutes after a
key rotation, where the minimum age is exactly 0 seconds.

thanks Dominik for triaging!

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
(cherry picked from commit 5bb966fe5d6f3f6a30e86724c024f80ebebacfba)

PVE/AccessControl.pm patch | blob | blame | history

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index fc519f1d63c5ba9d5c5a7fe121d23a39f9fb5cc7..908cccbbd1ef8c4dff1fcbdaf82d64999cf1782b 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -294,7 +294,7 @@ sub verify_ticket {
        return undef if !$rsa_pub;
 
        my ($min, $max) = $get_ticket_age_range->($now, $rsa_mtime, $old);
-       return undef if !$min;
+       return undef if !defined($min);
 
        return PVE::Ticket::verify_rsa_ticket(
            $rsa_pub, 'PVE', $ticket, undef, $min, $max, 1);
Access control framework