[pve-devel] [PATCH stable5 access-control] ticket: properly verify exactly 5min old tickets
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Jul 8 14:36:46 CEST 2019
to fix an issue where valid tickets could be rejected 5 minutes after a
key rotation, where the minimum age is exactly 0 seconds.
thanks Dominik for triaging!
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
(cherry picked from commit 5bb966fe5d6f3f6a30e86724c024f80ebebacfba)
---
this cherry-pick was missed, already applied in master
PVE/AccessControl.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index fc519f1..908cccb 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -294,7 +294,7 @@ sub verify_ticket {
return undef if !$rsa_pub;
my ($min, $max) = $get_ticket_age_range->($now, $rsa_mtime, $old);
- return undef if !$min;
+ return undef if !defined($min);
return PVE::Ticket::verify_rsa_ticket(
$rsa_pub, 'PVE', $ticket, undef, $min, $max, 1);
--
2.20.1
More information about the pve-devel
mailing list