From b91e77719928033321808776280a852f34b79d10 Mon Sep 17 00:00:00 2001
From: "Rob Swindell (on Debian Linux)" <rob@synchro.net>
Date: Sat, 18 Mar 2023 14:43:45 -0700
Subject: [PATCH] Apply inactive_hangup option (for dumb terminals) using
 max_socket_inactivity

This ensures that inactive dumb (bot) connections will be disconnected even
when using a script (e.g. animated pause prompt) that doesn't time out.

Also, if the connected node is the last node (for this sbbs instance), divide
the socket inactivity timeout value in half.

These changes (along with sbbs v3.20) should help with DOS (denial-of-service,
not MS-DOS) prevention.

Mainly for Krueger.
---
 exec/login.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/exec/login.js b/exec/login.js
index 31757f02ce..1af5fc7543 100644
--- a/exec/login.js
+++ b/exec/login.js
@@ -22,10 +22,17 @@ var guest = options.guest && system.matchuser("guest");
 
 if(!bbs.online)
 	exit();
-if(!(console.autoterm&(USER_ANSI | USER_PETSCII | USER_UTF8))) {
-	console.inactivity_hangup = parseInt(options.inactive_hangup, 10);
-	log(LOG_NOTICE, "terminal not detected, reducing inactivity hang-up timeout to " + console.inactivity_hangup + " seconds");
+var inactive_hangup = parseInt(options.inactive_hangup, 10);
+if(inactive_hangup && inactive_hangup < console.max_socket_inactivity
+	&& !(console.autoterm&(USER_ANSI | USER_PETSCII | USER_UTF8))) {
+	console.max_socket_inactivity = inactive_hangup;
+	log(LOG_NOTICE, "terminal not detected, reducing inactivity hang-up timeout to " + console.max_socket_inactivity + " seconds");
 }
+if(console.max_socket_inactivity > 0 && bbs.node_num == bbs.last_node) {
+	console.max_socket_inactivity /= 2;
+	log(LOG_NOTICE, "last node login inactivity timeout reduced to " + console.max_socket_inactivity);
+}
+
 for(var c=0; c < options.login_prompts; c++) {
 
 	// The "node sync" is required for sysop interruption/chat/etc.
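Review bot: The halving at `console.max_socket_inactivity /= 2;` can produce a fractional or sub-one value (a limit of 1 becomes 0.5). If the property is stored as an integer, that may truncate to 0, and the `> 0` guard on the line above suggests 0 could mean no timeout at all, on the last node where the shorter limit matters most. Consider `console.max_socket_inactivity = Math.max(1, Math.floor(console.max_socket_inactivity / 2));`. In the first condition, a negative `options.inactive_hangup` is truthy and below any positive limit, so it would be assigned as the timeout; testing `inactive_hangup > 0 &&` instead of bare truthiness avoids that. Also worth confirming: when `max_socket_inactivity` is 0 the `<` comparison is never true, so the dumb-terminal option is silently not applied.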
-- 
GitLab