mirror of git://anongit.mindrot.org/openssh.git
upstream: When clients get denied by MaxStartups, send a
noification prior to the SSH2 protocol banner according to RFC4253 section 4.2. ok djm@ deraadt@ markus@ OpenBSD-Commit-ID: e5dabcb722d54dea18eafb336d50b733af4f9c63
This commit is contained in:
dtucker@openbsd.org
Damien Miller
parent
bf219920b7
commit
fc173aeb15
5
sshd.c
5
sshd.c
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshd.c,v 1.539 2019/10/31 21:23:19 djm Exp $ */
|
/* $OpenBSD: sshd.c,v 1.540 2019/11/13 11:25:11 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
|
@ -1154,6 +1154,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
||||||
if (drop_connection(startups) == 1) {
|
if (drop_connection(startups) == 1) {
|
||||||
char *laddr = get_local_ipaddr(*newsock);
|
char *laddr = get_local_ipaddr(*newsock);
|
||||||
char *raddr = get_peer_ipaddr(*newsock);
|
char *raddr = get_peer_ipaddr(*newsock);
|
||||||
|
char msg[] = "Exceeded MaxStartups\r\n";
|
||||||
|
|
||||||
verbose("drop connection #%d from [%s]:%d "
|
verbose("drop connection #%d from [%s]:%d "
|
||||||
"on [%s]:%d past MaxStartups", startups,
|
"on [%s]:%d past MaxStartups", startups,
|
||||||
|
|
@ -1161,6 +1162,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
||||||
laddr, get_local_port(*newsock));
|
laddr, get_local_port(*newsock));
|
||||||
free(laddr);
|
free(laddr);
|
||||||
free(raddr);
|
free(raddr);
|
||||||
|
/* best-effort notification to client */
|
||||||
|
(void)write(*newsock, msg, strlen(msg));
|
||||||
close(*newsock);
|
close(*newsock);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue