upstream: stricter check for overfull tables in penalty record path
authordjm@openbsd.org <djm@openbsd.org>
Thu, 20 Jun 2024 00:18:05 +0000 (00:18 +0000)
committerDamien Miller <djm@mindrot.org>
Thu, 20 Jun 2024 00:19:10 +0000 (10:19 +1000)
OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6

srclimit.c

index 837e82606e111d0b8852657398adc9e5d8ecccce..3dbdbf67526214b4396e717a5367773b8c2d61f6 100644 (file)
@@ -405,7 +405,7 @@ srclimit_penalise(struct xaddr *addr, int penalty_type)
            penalty_cfg.overflow_mode : penalty_cfg.overflow_mode6;
        npenaltiesp = addr->af == AF_INET ?  &npenalties4 : &npenalties6;
        t = addr->af == AF_INET ? "ipv4" : "ipv6";
-       if (*npenaltiesp > (size_t)max_sources &&
+       if (*npenaltiesp >= (size_t)max_sources &&
            overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) {
                verbose_f("%s penalty table full, cannot penalise %s for %s", t,
                    addrnetmask, reason);
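Review bot: The `>=` on the `*npenaltiesp` line is a capacity check made before the new entry is inserted, but nothing in the hunk says so, and the boundary is easy to flip back by accident. A comment above the `if`, such as `/* table already holds max_sources entries; one more would exceed the limit */`, would make the intent explicit. The `(size_t)max_sources` cast also assumes the limit is never negative. If `max_sources` is a signed int (its declaration is outside the hunk), a negative value would convert to a very large bound and the deny-all branch would never fire, so it is worth confirming that the configuration parser rejects such values. The body of `srclimit_penalise` starts and ends outside the hunk.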