GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-09 08:16:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix premature ban score reset for short ban periods

Browse Source 
When ban period is minimal, the 'now > e->expires' condition alone
cleared scores before a client was banned.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
This commit is contained in:
Grigory Trenin
2025-12-21 16:17:48 -05:00
committed by Nikos Mavrogiannopoulos
parent 0f53e0d6d9
commit dbbe6de40c
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/main-ban.c
View File

@@ -163,11 +163,11 @@ static int add_ip_to_ban_list(main_server_st *s, const unsigned char *ip,
}
} else {
/* Reset the score if:
* - ban period ended (now > e->expires)
* - ban period ended (now > e->expires && IS_BANNED)
* - reset interval elapsed AND user not currently banned
* (to avoid prematurely lifting an active ban)
*/
if (now > e->expires ||
if ((now > e->expires && IS_BANNED(s, e)) ||
(now > e->last_reset + GETCONFIG(s)->ban_reset_time &&
!IS_BANNED(s, e))) {
e->score = 0;