bin/59213: blocklistd/ftpd: Allow the nfail counter to be reset once a valid login occurs

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/59213: blocklistd/ftpd: Allow the nfail counter to be reset once a valid login occurs
From: jlduran%gmail.com@localhost
Date: Tue, 25 Mar 2025 20:55:00 +0000 (UTC)

>Number:         59213
>Category:       bin
>Synopsis:       blocklistd/ftpd: Allow the nfail counter to be reset once a valid login occurs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 25 20:55:00 +0000 2025
>Originator:     Jose Luis Duran
>Release:        trunk
>Organization:
>Environment:
>Description:
Similar to bin/59108, but for ftpd.
Allow the nfail (number of failed attempts) blocklistctl counter to be reset once a valid FTP login occurs.  Otherwise, the counter never resets, and after a reboot the system could start blocked for a given IP.
>How-To-Repeat:
Similar to bin/59108, but for ftpd.

>Fix:
Obtained from: FreeBSD

--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1432,7 +1432,8 @@ do_pass(int pass_checked, int pass_rval, const char *passwd)
 				exit(0);
 			}
 			return;
-		}
+		} else
+			pfilter_notify(0, "success");
 	}

 			/* password ok; check if anything else prevents login */

Prev by Date: Re: kern/59084 (exec/spawn leaks register content)
Next by Date: bin/59214: blocklist: ssh: Add Failed PAM authentication probe
Previous by Thread: Re: kern/59084 (exec/spawn leaks register content)
Next by Thread: bin/59214: blocklist: ssh: Add Failed PAM authentication probe
Indexes:

Home | Main Index | Thread Index | Old Index