* [pmg-devel] [PATCH pmg-api master v1] pmgproxy: fix matching against potentially uninitialized value $ticket
@ 2025-09-22 13:39 Max R. Carrara
2025-09-22 21:49 ` [pmg-devel] applied: " Stoiko Ivanov
0 siblings, 1 reply; 2+ messages in thread
From: Max R. Carrara @ 2025-09-22 13:39 UTC (permalink / raw)
To: pmg-devel
`$ticket` here is undef if a non-empty `Cookie` header is included in
the request, but `PMGAuthCookie` isn't actually set.
`extract_auth_value()` returns undef, because the match fails.
Therefore, check for definedness before matching on `$ticket`.
Additional Context:
Ran into this during testing; as it didn't appear for all VMs, I
figured that some of the VMs' IP addresses belonged to other VMs
previously. After digging a little in the Firefox dev tools, it turned
out that `PVEAuthCookie` is actually sent as well, confirming my
suspicion.
Can easily be reproduced via:
`curl -k -H 'Cookie: Foo=bar' https://$HOSTNAME:8006/`
Signed-off-by: Max R. Carrara <m.carrara@proxmox.com>
---
src/PMG/Service/pmgproxy.pm | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/PMG/Service/pmgproxy.pm b/src/PMG/Service/pmgproxy.pm
index c92a3f3..de7a6c5 100644
--- a/src/PMG/Service/pmgproxy.pm
+++ b/src/PMG/Service/pmgproxy.pm
@@ -226,10 +226,12 @@ sub get_index {
my $ticket = PVE::APIServer::Formatter::extract_auth_value($cookie, $server->{cookie_name});
- if ($ticket =~ m/^PMGQUAR:/) {
- $username = PMG::Ticket::verify_quarantine_ticket($ticket, 1);
- } else {
- $username = PMG::Ticket::verify_ticket($ticket, undef, 1);
+ if (defined($ticket)) {
+ if ($ticket =~ m/^PMGQUAR:/) {
+ $username = PMG::Ticket::verify_quarantine_ticket($ticket, 1);
+ } else {
+ $username = PMG::Ticket::verify_ticket($ticket, undef, 1);
+ }
}
} else {
if (defined($args->{ticket})) {
--
2.47.3
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pmg-devel] applied: [PATCH pmg-api master v1] pmgproxy: fix matching against potentially uninitialized value $ticket
2025-09-22 13:39 [pmg-devel] [PATCH pmg-api master v1] pmgproxy: fix matching against potentially uninitialized value $ticket Max R. Carrara
@ 2025-09-22 21:49 ` Stoiko Ivanov
0 siblings, 0 replies; 2+ messages in thread
From: Stoiko Ivanov @ 2025-09-22 21:49 UTC (permalink / raw)
To: Max R. Carrara; +Cc: pmg-devel
Thanks for getting to this so quickly!
applied the patch after quickly verifying it works as advertised.
On Mon, 22 Sep 2025 15:39:17 +0200
"Max R. Carrara" <m.carrara@proxmox.com> wrote:
> `$ticket` here is undef if a non-empty `Cookie` header is included in
> the request, but `PMGAuthCookie` isn't actually set.
> `extract_auth_value()` returns undef, because the match fails.
>
> Therefore, check for definedness before matching on `$ticket`.
>
> Additional Context:
> Ran into this during testing; as it didn't appear for all VMs, I
> figured that some of the VMs' IP addresses belonged to other VMs
> previously. After digging a little in the Firefox dev tools, it turned
> out that `PVEAuthCookie` is actually sent as well, confirming my
> suspicion.
>
> Can easily be reproduced via:
> `curl -k -H 'Cookie: Foo=bar' https://$HOSTNAME:8006/`
>
> Signed-off-by: Max R. Carrara <m.carrara@proxmox.com>
> ---
> src/PMG/Service/pmgproxy.pm | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/src/PMG/Service/pmgproxy.pm b/src/PMG/Service/pmgproxy.pm
> index c92a3f3..de7a6c5 100644
> --- a/src/PMG/Service/pmgproxy.pm
> +++ b/src/PMG/Service/pmgproxy.pm
> @@ -226,10 +226,12 @@ sub get_index {
>
> my $ticket = PVE::APIServer::Formatter::extract_auth_value($cookie, $server->{cookie_name});
>
> - if ($ticket =~ m/^PMGQUAR:/) {
> - $username = PMG::Ticket::verify_quarantine_ticket($ticket, 1);
> - } else {
> - $username = PMG::Ticket::verify_ticket($ticket, undef, 1);
> + if (defined($ticket)) {
> + if ($ticket =~ m/^PMGQUAR:/) {
> + $username = PMG::Ticket::verify_quarantine_ticket($ticket, 1);
> + } else {
> + $username = PMG::Ticket::verify_ticket($ticket, undef, 1);
> + }
> }
> } else {
> if (defined($args->{ticket})) {
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-09-22 21:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-09-22 13:39 [pmg-devel] [PATCH pmg-api master v1] pmgproxy: fix matching against potentially uninitialized value $ticket Max R. Carrara
2025-09-22 21:49 ` [pmg-devel] applied: " Stoiko Ivanov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox