From af70dd635ffc7d8e90a45c5fe7470acd90ac6461 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 20 Jun 2024 00:18:06 +0000 Subject: stricter check for overfull tables in penalty record path --- usr.bin/ssh/srclimit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr.bin/ssh/srclimit.c b/usr.bin/ssh/srclimit.c index 43095267804..8157ff02896 100644 --- a/usr.bin/ssh/srclimit.c +++ b/usr.bin/ssh/srclimit.c @@ -403,7 +403,7 @@ srclimit_penalise(struct xaddr *addr, int penalty_type) penalty_cfg.overflow_mode : penalty_cfg.overflow_mode6; npenaltiesp = addr->af == AF_INET ? &npenalties4 : &npenalties6; t = addr->af == AF_INET ? "ipv4" : "ipv6"; - if (*npenaltiesp > (size_t)max_sources && + if (*npenaltiesp >= (size_t)max_sources && overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) { verbose_f("%s penalty table full, cannot penalise %s for %s", t, addrnetmask, reason); -- cgit v1.2.3