Commit 1e9d5c2c authored by Rob Swindell's avatar Rob Swindell

Treat every login failure with no password available as unique

When loginFailure() is called with NULL for the password argument, that indicates there was no password available (e.g. an aborted login attempt) - treat each of these as a unique (not duplicate) failed-login attempt. This'll trigger ban/filter thresholds sooner for clients that hammer servers and disconnect mid-login.
parent ade7841e
......@@ -3253,7 +3253,7 @@ ulong loginFailure(link_list_t* list, const union xp_sockaddr* addr, const char*
if((node=login_attempted(list, addr)) != NULL) {
attempt=node->data;
/* Don't count consecutive duplicate attempts (same name and password): */
if((user!=NULL && strcmp(attempt->user,user)==0) && (pass==NULL || strcmp(attempt->pass,pass)==0))
if((user!=NULL && strcmp(attempt->user,user)==0) && (pass!=NULL && strcmp(attempt->pass,pass)==0))
attempt->dupes++;
}
SAFECOPY(attempt->prot,prot);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment