From d8ceba959a9e8c6a62b20080bb745776e1644fb8 Mon Sep 17 00:00:00 2001
From: Eric Andersen
Date: Wed, 30 Jul 2003 06:56:07 +0000
Subject: Ronny L Nilsson writes: The login process should always timeout if user don't login sucessfully within reasonable time. Otherwise we're sensetive to a DOS attack by simply doing a bunch of simultaneous telnet connections (deploys all availible TTY's). This patch make login.c terminate the connection after "TIMEOUT" seconds.
---
 loginutils/login.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
(limited to 'loginutils')
diff --git a/loginutils/login.c b/loginutils/login.c
index 741d15c93..c2bada258 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -86,12 +86,9 @@ extern int login_main(int argc, char **argv)
 username[0]=0;
 amroot = ( getuid ( ) == 0 );
 signal ( SIGALRM, alarm_handler );
+ alarm ( TIMEOUT );
+ alarmstarted = 1;
- if (( argc > 1 ) && ( TIMEOUT > 0 )) {
- alarm ( TIMEOUT );
- alarmstarted = 1;
- }
-
 while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) {
 switch ( flag ) {
 case 'p':
--
cgit v1.2.3
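Review bot: The unconditional `alarm ( TIMEOUT );` drops the old `TIMEOUT > 0` guard. If TIMEOUT is ever built as 0 (its definition is outside this hunk), `alarm(0)` arms nothing while `alarmstarted = 1` still reports a running timer, so the TTY-exhaustion protection disappears silently. A compile-time check next to the definition, such as `#if TIMEOUT <= 0` followed by `#error "login TIMEOUT must be positive"`, would make that misconfiguration fail loudly. The timer is now armed on every invocation, and a pending alarm survives `execve`, so it is worth confirming that the success path later in `login_main` (not visible here) calls `alarm ( 0 )` before starting the user's shell. A short comment above the call would record the intent, e.g. `/* bound the whole login dialogue so an idle connection cannot hold a TTY */`.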