proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2026-02-01 18:11:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ticket: properly verify exactly 5min old tickets

Browse Source 
to fix an issue where valid tickets could be rejected 5 minutes after a
key rotation, where the minimum age is exactly 0 seconds.

thanks Dominik for triaging!

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2019-06-19 11:46:17 +02:00 committed by Thomas Lamprecht
parent bab2334336
commit 5bb966fe5d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
PVE/AccessControl.pm
View File

@ -283,7 +283,7 @@ sub verify_ticket {
return undef if !$rsa_pub;
my ($min, $max) = $get_ticket_age_range->($now, $rsa_mtime, $old);
return undef if !$min;
return undef if !defined($min);
return PVE::Ticket::verify_rsa_ticket(
$rsa_pub, 'PVE', $ticket, undef, $min, $max, 1);