applied
On Wed, Jul 20, 2016 at 01:31:33PM +0200, Dominik Csapak wrote:
> we wrongly assumed the keys to be 32 chars long,
> instead of 16
>
> Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
> ---
> PVE/AccessControl.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
> index 0af92d7..0b64374 100644
> --- a/PVE/AccessControl.pm
> +++ b/PVE/AccessControl.pm
> @@ -1299,7 +1299,7 @@ sub oath_verify_otp {
> foreach my $k (PVE::Tools::split_list($keys)) {
> # Note: we generate 3 values to allow small time drift
> my $binkey;
> - if ($k =~ /^[A-Z2-7=]{32}$/) {
> + if ($k =~ /^[A-Z2-7=]{16}$/) {
> $binkey = MIME::Base32::decode_rfc3548($k);
> } elsif ($k =~ /^[A-Fa-f0-9]{40}$/) {
> $binkey = pack('H*', $k);
> --
> 2.1.4
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
