summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2024-06-20 00:18:06 +0000
committerDamien Miller <djm@cvs.openbsd.org>2024-06-20 00:18:06 +0000
commitaf70dd635ffc7d8e90a45c5fe7470acd90ac6461 (patch)
treeb15d77ab34336e2d27b5ac238c74355adb8a5036
parent9b97ad5b2383958cc18089509c9b7d4a11a659a4 (diff)
stricter check for overfull tables in penalty record path
-rw-r--r--usr.bin/ssh/srclimit.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.bin/ssh/srclimit.c b/usr.bin/ssh/srclimit.c
index 43095267804..8157ff02896 100644
--- a/usr.bin/ssh/srclimit.c
+++ b/usr.bin/ssh/srclimit.c
@@ -403,7 +403,7 @@ srclimit_penalise(struct xaddr *addr, int penalty_type)
penalty_cfg.overflow_mode : penalty_cfg.overflow_mode6;
npenaltiesp = addr->af == AF_INET ? &npenalties4 : &npenalties6;
t = addr->af == AF_INET ? "ipv4" : "ipv6";
- if (*npenaltiesp > (size_t)max_sources &&
+ if (*npenaltiesp >= (size_t)max_sources &&
overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) {
verbose_f("%s penalty table full, cannot penalise %s for %s", t,
addrnetmask, reason);