Ronny L Nilsson writes:

The login process should always timeout if user don't login sucessfully within reasonable time. Otherwise we're sensetive to a DOS attack by simply doing a bunch of simultaneous telnet connections (deploys all availible TTY's). This patch make login.c terminate the connection after "TIMEOUT" seconds.
author: Eric Andersen <andersen@codepoet.org> 2003-07-30 06:56:07 +0000
committer: Eric Andersen <andersen@codepoet.org> 2003-07-30 06:56:07 +0000
commit: d8ceba959a9e8c6a62b20080bb745776e1644fb8 (patch)
tree: 2c03f03a698192213664f0d3998ab9591133c69a
parent: eef2317b9f5bdd362a7b8a0169c688245374f0f5 (diff)
download: busybox-w32-d8ceba959a9e8c6a62b20080bb745776e1644fb8.tar.gz
busybox-w32-d8ceba959a9e8c6a62b20080bb745776e1644fb8.tar.bz2
busybox-w32-d8ceba959a9e8c6a62b20080bb745776e1644fb8.zip
1 files changed, 2 insertions, 5 deletions
diff --git a/loginutils/login.c b/loginutils/login.c
index 741d15c93..c2bada258 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -86,12 +86,9 @@ extern int login_main(int argc, char **argv)
        username[0]=0;
        amroot = ( getuid ( ) == 0 );
        signal ( SIGALRM, alarm_handler );
+        alarm ( TIMEOUT );
+        alarmstarted = 1;
        
-        if (( argc > 1 ) && ( TIMEOUT > 0 )) {
-                alarm ( TIMEOUT );
-                alarmstarted = 1;
-        }
        while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) {
                switch ( flag ) {
                case 'p':
author	Eric Andersen <andersen@codepoet.org>	2003-07-30 06:56:07 +0000
committer	Eric Andersen <andersen@codepoet.org>	2003-07-30 06:56:07 +0000
commit	d8ceba959a9e8c6a62b20080bb745776e1644fb8 (patch)
tree	2c03f03a698192213664f0d3998ab9591133c69a
parent	eef2317b9f5bdd362a7b8a0169c688245374f0f5 (diff)
download	busybox-w32-d8ceba959a9e8c6a62b20080bb745776e1644fb8.tar.gz busybox-w32-d8ceba959a9e8c6a62b20080bb745776e1644fb8.tar.bz2 busybox-w32-d8ceba959a9e8c6a62b20080bb745776e1644fb8.zip