Mercurial > dropbear
diff svr-auth.c @ 573:d3ea8b9672f0
- Test for pam_fail_delay() function in configure
- Recognise "username:" as a PAM prompt
- Add some randomness to the auth-failure delay
- Fix wrongly committed options.h/debug.h
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 08 Sep 2009 14:53:53 +0000 |
| parents | d58c478bd399 |
| children | a98a2138364a |
line wrap: on
line diff
--- a/svr-auth.c Sat Sep 05 11:40:00 2009 +0000 +++ b/svr-auth.c Tue Sep 08 14:53:53 2009 +0000 @@ -33,6 +33,7 @@ #include "packet.h" #include "auth.h" #include "runopts.h" +#include "random.h" static void authclear(); static int checkusername(unsigned char *username, unsigned int userlen); @@ -337,7 +338,12 @@ encrypt_packet(); if (incrfail) { - usleep(300000); /* XXX improve this */ + unsigned int delay; + genrandom((unsigned char*)&delay, sizeof(delay)); + /* We delay for 300ms +- 50ms, 0.1ms granularity */ + delay = 250000 + (delay % 1000)*100; + usleep(delay); + dropbear_log(LOG_INFO, "delay is %d", delay); ses.authstate.failcount++; }