diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2024-06-20 00:18:06 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2024-06-20 00:18:06 +0000 |
| commit | af70dd635ffc7d8e90a45c5fe7470acd90ac6461 (patch) | |
| tree | b15d77ab34336e2d27b5ac238c74355adb8a5036 /usr.bin | |
| parent | 9b97ad5b2383958cc18089509c9b7d4a11a659a4 (diff) | |
stricter check for overfull tables in penalty record path
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/srclimit.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.bin/ssh/srclimit.c b/usr.bin/ssh/srclimit.c index 43095267804..8157ff02896 100644 --- a/usr.bin/ssh/srclimit.c +++ b/usr.bin/ssh/srclimit.c @@ -403,7 +403,7 @@ srclimit_penalise(struct xaddr *addr, int penalty_type) penalty_cfg.overflow_mode : penalty_cfg.overflow_mode6; npenaltiesp = addr->af == AF_INET ? &npenalties4 : &npenalties6; t = addr->af == AF_INET ? "ipv4" : "ipv6"; - if (*npenaltiesp > (size_t)max_sources && + if (*npenaltiesp >= (size_t)max_sources && overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) { verbose_f("%s penalty table full, cannot penalise %s for %s", t, addrnetmask, reason); |