From edf4f7a5e0629c58a51ff6e2880cfae3b05e8920 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeff@hashicorp.com>
Date: Mon, 28 May 2018 12:08:22 -0400
Subject: [PATCH] Ensure safety_buffer in PKI is greater than zero (#4643)

Fixes #4641
---
 builtin/logical/pki/path_tidy.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/builtin/logical/pki/path_tidy.go b/builtin/logical/pki/path_tidy.go
index b254321a36..9b0a86df9c 100644
--- a/builtin/logical/pki/path_tidy.go
+++ b/builtin/logical/pki/path_tidy.go
@@ -53,6 +53,10 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr
 	tidyCertStore := d.Get("tidy_cert_store").(bool)
 	tidyRevocationList := d.Get("tidy_revocation_list").(bool)
 
+	if safetyBuffer < 1 {
+		return logical.ErrorResponse("safety_buffer must be greater than zero"), nil
+	}
+
 	bufferDuration := time.Duration(safetyBuffer) * time.Second
 
 	var resp *logical.Response