Skip to content
Snippets Groups Projects
Commit 1e9d5c2c authored by Rob Swindell's avatar Rob Swindell :speech_balloon:
Browse files

Treat every login failure with no password available as unique 

When loginFailure() is called with NULL for the password argument, that indicates there was no password available (e.g. an aborted login attempt) - treat each of these as a unique (not duplicate) failed-login attempt. This'll trigger ban/filter thresholds sooner for clients that hammer servers and disconnect mid-login.
parent ade7841e
No related branches found
No related tags found
1 merge request!463MRC mods by Codefenix (2024-10-20)
Show whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
src/sbbs3/userdat.c
+ 1
1
View file @ 1e9d5c2c
...@@ -3253,7 +3253,7 @@ ulong loginFailure(link_list_t* list, const union xp_sockaddr* addr, const char* ...@@ -3253,7 +3253,7 @@ ulong loginFailure(link_list_t* list, const union xp_sockaddr* addr, const char*
if((node=login_attempted(list, addr)) != NULL) { if((node=login_attempted(list, addr)) != NULL) {
attempt=node->data; attempt=node->data;
/* Don't count consecutive duplicate attempts (same name and password): */ /* Don't count consecutive duplicate attempts (same name and password): */
if((user!=NULL && strcmp(attempt->user,user)==0) && (pass==NULL || strcmp(attempt->pass,pass)==0)) if((user!=NULL && strcmp(attempt->user,user)==0) && (pass!=NULL && strcmp(attempt->pass,pass)==0))
attempt->dupes++; attempt->dupes++;
} }
SAFECOPY(attempt->prot,prot); SAFECOPY(attempt->prot,prot);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment