artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c01d1bf)
fix off-by-one comparison for PerSourcePenalty overflow:deny-all mode
authordjm <djm@openbsd.org>
Tue, 11 Jun 2024 01:22:25 +0000 (01:22 +0000)
committerdjm <djm@openbsd.org>
Tue, 11 Jun 2024 01:22:25 +0000 (01:22 +0000)
usr.bin/ssh/srclimit.c patch | blob | history

diff --git a/usr.bin/ssh/srclimit.c b/usr.bin/ssh/srclimit.c
index 011b83a..c89deef 100644 (file)
--- a/usr.bin/ssh/srclimit.c
+++ b/usr.bin/ssh/srclimit.c
@@ -259,7 +259,7 @@ srclimit_penalty_check_allow(int sock, const char **reason)
                        return 1;
                }
        }
-       if (npenalties > (size_t)penalty_cfg.max_sources &&
+       if (npenalties >= (size_t)penalty_cfg.max_sources &&
            penalty_cfg.overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) {
                *reason = "too many penalised addresses";
                return 0;
OpenBSD src
by Ahmet Artu Yildirim