emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ronny L Nilsson writes:

Browse Source 
The login process should always timeout if user don't login sucessfully within
reasonable time. Otherwise we're sensetive to a DOS attack by simply doing a
bunch of simultaneous telnet connections (deploys all availible TTY's).

This patch make login.c terminate the connection after  "TIMEOUT" seconds.
This commit is contained in:
Eric Andersen 2003-07-30 06:56:07 +00:00
parent eef2317b9f
commit d8ceba959a
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
loginutils/login.c
View File

@ -86,12 +86,9 @@ extern int login_main(int argc, char **argv)
username[0]=0; username[0]=0;
amroot = ( getuid ( ) == 0 ); amroot = ( getuid ( ) == 0 );
signal ( SIGALRM, alarm_handler ); signal ( SIGALRM, alarm_handler );
alarm ( TIMEOUT );
alarmstarted = 1;
if (( argc > 1 ) && ( TIMEOUT > 0 )) {
alarm ( TIMEOUT );
alarmstarted = 1;
}
while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) { while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) {
switch ( flag ) { switch ( flag ) {
case 'p': case 'p':