From 8c4e92932e54481c82985f0550bc0ccfec88c345 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Tue, 9 Dec 2014 13:47:31 +0100
Subject: [PATCH 288/325] ggated: Remove connection if the initial packet
 couldn't be sent

Should help to mitigate DoS after flooding ggated
with incomplete requests:

   error: accept(): Software caused connection abort.
   error: Exiting.

Reported to security-officer@FreeBSD.org on 2014-12-09.

Obtained from: ElectroBSD
---
 sbin/ggate/ggated/ggated.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sbin/ggate/ggated/ggated.c b/sbin/ggate/ggated/ggated.c
index afe16b625884..595845034993 100644
--- a/sbin/ggate/ggated/ggated.c
+++ b/sbin/ggate/ggated/ggated.c
@@ -943,6 +943,7 @@ handshake(struct sockaddr *from, int sfd)
 	if (data == -1) {
 		sendfail(sfd, errno, "Error while sending initial packet: %s.",
 		    strerror(errno));
+		connection_remove(conn);
 		return (0);
 	}
 
-- 
2.32.0