upstream: When clients get denied by MaxStartups, send a
authordtucker@openbsd.org <dtucker@openbsd.org>
Wed, 13 Nov 2019 11:25:11 +0000 (11:25 +0000)
committerDamien Miller <djm@mindrot.org>
Thu, 14 Nov 2019 21:50:10 +0000 (08:50 +1100)
notification prior to the SSH2 protocol banner according to RFC4253 section
4.2.  ok djm@ deraadt@ markus@

OpenBSD-Commit-ID: e5dabcb722d54dea18eafb336d50b733af4f9c63

sshd.c

diff --git a/sshd.c b/sshd.c
index e782a99f2225e0b25c024ff7048437e224d9743a..9d193c9eb5ff8304fca86e4efbd416d1c80df146 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.539 2019/10/31 21:23:19 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.540 2019/11/13 11:25:11 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1154,6 +1154,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
                        if (drop_connection(startups) == 1) {
                                char *laddr = get_local_ipaddr(*newsock);
                                char *raddr = get_peer_ipaddr(*newsock);
+                               char msg[] = "Exceeded MaxStartups\r\n";
 
                                verbose("drop connection #%d from [%s]:%d "
                                    "on [%s]:%d past MaxStartups", startups,
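Review bot: `msg` is declared as a mutable automatic array, so the text is copied onto the stack for every dropped connection, and the next hunk measures it at run time with `strlen(msg)`. Declaring it `static const char msg[] = "Exceeded MaxStartups\r\n";` and passing `sizeof(msg) - 1` to the write keeps the string read-only and makes the length a compile-time constant. RFC 4253 section 4.2, which the commit cites, requires that such a pre-banner line not begin with `SSH-` and asks for CR LF termination; a one-line comment at the declaration stating this would stop a later edit of the text from breaking client banner parsing. The enclosing `if` block continues in the next hunk.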
@@ -1161,6 +1162,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
                                    laddr, get_local_port(*newsock));
                                free(laddr);
                                free(raddr);
+                               /* best-effort notification to client */
+                               (void)write(*newsock, msg, strlen(msg));
                                close(*newsock);
                                continue;
                        }
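Review bot: The `(void)write(*newsock, msg, strlen(msg));` runs in the accept loop for a peer that has not authenticated, and the comment `/* best-effort notification to client */` does not say why ignoring the result is safe. The hunk does not show whether the socket is blocking at this point or whether SIGPIPE is ignored in this process. If both are handled elsewhere, the comment should record it, for example `/* best-effort: one short write to a fresh socket, result ignored; SIGPIPE is ignored in the listener */`. The message also tells any unauthenticated peer that the pre-authentication connection limit has been reached, which is worth a sentence wherever MaxStartups is documented for operators. server_accept_loop starts and ends outside the hunk.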