diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2024-06-20 02:18:05 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-06-20 02:19:10 +0200 |
| commit | e9b6471c59b21e5d9ef1b3832d4bf727338add85 (patch) | |
| tree | 43d5fca188d89ad6b634aa3b47eab6b2613037e8 /srclimit.c | |
| parent | upstream: put back reaping of preauth child process when writes (diff) | |
| download | openssh-e9b6471c59b21e5d9ef1b3832d4bf727338add85.tar.xz openssh-e9b6471c59b21e5d9ef1b3832d4bf727338add85.zip | |
upstream: stricter check for overfull tables in penalty record path
OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6
Diffstat (limited to 'srclimit.c')
| -rw-r--r-- | srclimit.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/srclimit.c b/srclimit.c index 837e82606..3dbdbf675 100644 --- a/srclimit.c +++ b/srclimit.c @@ -405,7 +405,7 @@ srclimit_penalise(struct xaddr *addr, int penalty_type) penalty_cfg.overflow_mode : penalty_cfg.overflow_mode6; npenaltiesp = addr->af == AF_INET ? &npenalties4 : &npenalties6; t = addr->af == AF_INET ? "ipv4" : "ipv6"; - if (*npenaltiesp > (size_t)max_sources && + if (*npenaltiesp >= (size_t)max_sources && overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) { verbose_f("%s penalty table full, cannot penalise %s for %s", t, addrnetmask, reason); |