The login process should always time out if the user doesn't log in successfully within
a reasonable time. Otherwise we're sensitive to a DoS attack by simply doing a
bunch of simultaneous telnet connections (deploys all available TTYs).
This patch makes login.c terminate the connection after "TIMEOUT" seconds.
username[0]=0;
amroot = ( getuid ( ) == 0 );
signal ( SIGALRM, alarm_handler );
+ alarm ( TIMEOUT );
+ alarmstarted = 1;
- if (( argc > 1 ) && ( TIMEOUT > 0 )) {
- alarm ( TIMEOUT );
- alarmstarted = 1;
- }
-
while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) {
switch ( flag ) {
case 'p':
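Review bot: The added `alarm ( TIMEOUT );` / `alarmstarted = 1;` pair drops the `TIMEOUT > 0` check that the removed block carried. If TIMEOUT is built as 0, `alarm(0)` arms no timer, yet `alarmstarted` is still set to 1, so the flag claims a timeout that does not exist and the login session can sit on the TTY indefinitely again. Removing the `argc > 1` condition matches the commit message, but I would keep the other half: wrap the two added lines in `if ( TIMEOUT > 0 ) { ... }`, or state next to the TIMEOUT definition that it must be positive.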