Implement new configuration option "MaxPenaltyTime" (#251)

[ngircd-alex.git] / src / ngircd / conn-func.c

diff --git a/src/ngircd/conn-func.c b/src/ngircd/conn-func.c
index ed58f7280254bfad8b647fe57c2383253cbcd3c4..72d38b8621ff559c9c93903989e7c091b018be79 100644 (file)
--- a/src/ngircd/conn-func.c
+++ b/src/ngircd/conn-func.c
@@ -26,6 +26,7 @@
 #endif
 #include "conn.h"
 
+#include "conf.h"
 #include "conn-func.h"
 
 /**
@@ -97,6 +98,14 @@ Conn_SetPenalty(CONN_ID Idx, time_t Seconds)
        assert(Idx > NONE);
        assert(Seconds >= 0);
 
+       /* Limit new penalty to maximum configured, when less than 10 seconds. *
+          The latter is used to limit brute force attacks, therefore we don't *
+          want to limit that! */
+       if (Conf_MaxPenaltyTime >= 0
+           && Seconds > Conf_MaxPenaltyTime
+           && Seconds < 10)
+               Seconds = Conf_MaxPenaltyTime;
+
        t = time(NULL);
        if (My_Connections[Idx].delaytime < t)
                My_Connections[Idx].delaytime = t;