Ronny L Nilsson writes:

The login process should always timeout if user don't login sucessfully within
reasonable time. Otherwise we're sensetive to a DOS attack by simply doing a
bunch of simultaneous telnet connections (deploys all availible TTY's).

This patch make login.c terminate the connection after  "TIMEOUT" seconds.
This commit is contained in:
Eric Andersen 2003-07-30 06:56:07 +00:00
parent eef2317b9f
commit d8ceba959a

View File

@ -86,11 +86,8 @@ extern int login_main(int argc, char **argv)
username[0]=0;
amroot = ( getuid ( ) == 0 );
signal ( SIGALRM, alarm_handler );
if (( argc > 1 ) && ( TIMEOUT > 0 )) {
alarm ( TIMEOUT );
alarmstarted = 1;
}
alarm ( TIMEOUT );
alarmstarted = 1;
while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) {
switch ( flag ) {