1 --- pure-ftpd/src/ftpd.c.orig 2007-12-20 09:59:10.629736723 +0100
2 +++ pure-ftpd/src/ftpd.c 2007-12-20 10:02:06.655676098 +0100
7 +static void randomsleep(unsigned int t) {
8 + usleep2((unsigned long) (zrand() % PASSWD_FAILURE_DELAY));
9 + usleep2(t * PASSWD_FAILURE_DELAY);
12 void dopass(char *password)
14 static unsigned int tapping;
15 @@ -1571,27 +1576,28 @@
18 if (authresult.auth_ok != 1) {
19 - addreply_noformat(530, MSG_AUTH_FAILED);
21 - if (tapping >= MAX_PASSWD_TRIES) {
23 - logfile(LOG_ERR, MSG_AUTH_TOOMANY);
24 - _EXIT(EXIT_FAILURE);
26 - logfile(LOG_WARNING, MSG_AUTH_FAILED_LOG, account);
29 - usleep2((unsigned long) (zrand() % PASSWD_FAILURE_DELAY));
30 - usleep2(tapping * PASSWD_FAILURE_DELAY);
31 + randomsleep(tapping);
32 + addreply_noformat(530, MSG_AUTH_FAILED);
34 + if (tapping > MAX_PASSWD_TRIES) {
35 + logfile(LOG_ERR, MSG_AUTH_TOOMANY);
36 + _EXIT(EXIT_FAILURE);
38 + logfile(LOG_WARNING, MSG_AUTH_FAILED_LOG, account);
41 if (authresult.uid < useruid) {
42 logfile(LOG_WARNING, MSG_ACCOUNT_DISABLED, account);
43 + randomsleep(tapping);
44 if (tapping >= MAX_PASSWD_TRIES) {
46 + addreply_noformat(530, MSG_AUTH_FAILED);
48 + _EXIT(EXIT_FAILURE);
50 - addreply_noformat(530, MSG_NOTRUST);
52 + addreply_noformat(530, MSG_NOTRUST);
57 #ifdef PER_USER_LIMITS