[openssh-commits] [openssh] 04/07: upstream: When clients get denied by MaxStartups, send a

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit fc173aeb1526d4268db89ec5dfebaf8750dd26cd
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Wed Nov 13 11:25:11 2019 +0000

    upstream: When clients get denied by MaxStartups, send a
    
    noification prior to the SSH2 protocol banner according to RFC4253 section
    4.2.  ok djm@ deraadt@ markus@
    
    OpenBSD-Commit-ID: e5dabcb722d54dea18eafb336d50b733af4f9c63
---
 sshd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sshd.c b/sshd.c
index e782a99f..9d193c9e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.539 2019/10/31 21:23:19 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.540 2019/11/13 11:25:11 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1154,6 +1154,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 			if (drop_connection(startups) == 1) {
 				char *laddr = get_local_ipaddr(*newsock);
 				char *raddr = get_peer_ipaddr(*newsock);
+				char msg[] = "Exceeded MaxStartups\r\n";
 
 				verbose("drop connection #%d from [%s]:%d "
 				    "on [%s]:%d past MaxStartups", startups,
@@ -1161,6 +1162,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 				    laddr, get_local_port(*newsock));
 				free(laddr);
 				free(raddr);
+				/* best-effort notification to client */
+				(void)write(*newsock, msg, strlen(msg));
 				close(*newsock);
 				continue;
 			}

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.