to fix an issue where valid tickets could be rejected 5 minutes after a key rotation, where the minimum age is exactly 0 seconds.
thanks Dominik for triaging! Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com> --- Notes: note: this should probably be applied to master and stable-5 PVE/AccessControl.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm index 5de060d..fff2df2 100644 --- a/PVE/AccessControl.pm +++ b/PVE/AccessControl.pm @@ -283,7 +283,7 @@ sub verify_ticket { return undef if !$rsa_pub; my ($min, $max) = $get_ticket_age_range->($now, $rsa_mtime, $old); - return undef if !$min; + return undef if !defined($min); return PVE::Ticket::verify_rsa_ticket( $rsa_pub, 'PVE', $ticket, undef, $min, $max, 1); -- 2.20.1 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel