openssh/openssh-9.9p1-maxstartups-mistracking.patch
Zoltan Fridrich 952d882d0a Fix mistracking of MaxStartups process exits in some situations
Resolves: RHEL-121768

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-12 16:44:06 +01:00


diff --color -ruNp a/srclimit.c b/srclimit.c
--- a/srclimit.c 2024-09-20 00:20:48.000000000 +0200
+++ b/srclimit.c 2026-03-06 13:30:48.408309619 +0100
@@ -427,7 +427,9 @@ srclimit_penalise(struct xaddr *addr, in
penalty->active = 1;
if (RB_INSERT(penalties_by_expiry, by_expiry, penalty) != NULL)
fatal_f("internal error: %s penalty tables corrupt", t);
- verbose_f("%s: new %s %s penalty of %d seconds for %s", t,
+ do_log2_f(penalty->active ?
+ SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE,
+ "%s: new %s %s penalty of %d seconds for %s", t,
addrnetmask, penalty->active ? "active" : "deferred",
penalty_secs, reason);
if (++(*npenaltiesp) > (size_t)max_sources)
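Review bot: The `do_log2_f` call added in srclimit_penalise picks its level with `penalty->active ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE` but has no comment saying why only active penalties are promoted. The next srclimit.c hunk makes the matching switch to `logit_f`, and the commit title covers only MaxStartups exit tracking, so neither change is explained anywhere. I would add a comment above the call, for example `/* active penalties are logged at INFO so they are visible at the default LogLevel; deferred ones stay at VERBOSE */`, and mention the change in the commit description. These lines are triggered by remote clients, so operators should expect one INFO line per new or newly activated penalty and size log retention and alerting for that. The function body starts and ends outside the hunk.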
@@ -446,7 +448,7 @@ srclimit_penalise(struct xaddr *addr, in
existing->expiry = now + penalty_cfg.penalty_max;
if (existing->expiry - now > penalty_cfg.penalty_min &&
!existing->active) {
- verbose_f("%s: activating %s penalty of %lld seconds for %s",
+ logit_f("%s: activating %s penalty of %lld seconds for %s",
addrnetmask, t, (long long)(existing->expiry - now),
reason);
existing->active = 1;
diff --color -ruNp a/sshd.c b/sshd.c
--- a/sshd.c 2026-03-06 13:10:52.653617548 +0100
+++ b/sshd.c 2026-03-06 13:24:50.865079998 +0100
@@ -291,8 +291,10 @@ child_finish(struct early_child *child)
{
if (children_active == 0)
fatal_f("internal error: children_active underflow");
- if (child->pipefd != -1)
+ if (child->pipefd != -1) {
+ srclimit_done(child->pipefd);
close(child->pipefd);
+ }
free(child->id);
memset(child, '\0', sizeof(*child));
child->pipefd = -1;
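Review bot: The new `srclimit_done(child->pipefd)` call in child_finish depends on running before `close(child->pipefd)`, and nothing in the code says so. The same pairing is added in child_close in the next hunk. If srclimit tracks entries by descriptor number, which the argument suggests but the hunk does not show, then releasing after close could match a descriptor the kernel has already reused for another connection. I would add a comment at both sites such as `/* release the srclimit slot before close(); the fd number may be reused once closed */`. child_close resets `pipefd` to -1, so the two paths should not release twice for the same child, but that invariant is worth stating in the comment as well.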
@@ -311,6 +313,7 @@ child_close(struct early_child *child, i
if (!quiet)
debug_f("enter%s", force_final ? " (forcing)" : "");
if (child->pipefd != -1) {
+ srclimit_done(child->pipefd);
close(child->pipefd);
child->pipefd = -1;
}
@@ -978,10 +981,11 @@ server_accept_loop(int *sock_in, int *so
}
/* FALLTHROUGH */
case 0:
- /* child exited preauth */
+ /* child closed pipe */
if (children[i].early)
listening--;
- srclimit_done(children[i].pipefd);
+ debug3_f("child %lu for %s closed pipe",
+ (long)children[i].pid, children[i].id);
child_close(&(children[i]), 0, 0);
break;
case 1:
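Review bot: The added `debug3_f` call formats the pid with `%lu` while passing `(long)children[i].pid`, so the conversion specifier and the argument type disagree in signedness. The existing message later in server_accept_loop prints the same field with `%ld`, and the new line should match it: `debug3_f("child %ld for %s closed pipe",`. Besides the formal mismatch, a non-positive pid would be printed as a very large unsigned number, which is misleading when correlating child exits in debug logs. The guard `children[i].pid > 0` in the following hunk suggests non-positive values are possible. The enclosing switch starts outside the hunk.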
@@ -1003,6 +1007,12 @@ server_accept_loop(int *sock_in, int *so
"child %ld for %s in state %d",
(int)c, (long)children[i].pid,
children[i].id, children[i].early);
+
+ if (children[i].early)
+ listening--;
+ if (children[i].pid > 0)
+ kill(children[i].pid, SIGTERM);
+ child_close(&(children[i]), 0, 0);
}
break;
}
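Review bot: The return value of `kill(children[i].pid, SIGTERM)` is discarded in the new error path, so a child that could not be signalled leaves no trace. This path is a preauth child that sent unexpected data on its pipe, which is exactly where an operator wants to know whether termination was delivered. I would log failures other than the expected already-exited case: `if (children[i].pid > 0 && kill(children[i].pid, SIGTERM) == -1 && errno != ESRCH)` followed by `error_f("kill child %ld: %s", (long)children[i].pid, strerror(errno));`. A short comment that the slot is released here because the child is no longer trusted to report its own state would also help. The enclosing block and its log call start outside the hunk.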