From e5b9b6d70103d1f0e4ce201b8ffd5356f9518cf5 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 16 Jul 2019 17:15:03 +0200
Subject: [PATCH] cmdmon: limit rate of all responses

Include responses to invalid requests in the rate limiting enabled by
the cmdratelimit directive.
---
 cmdmon.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/cmdmon.c b/cmdmon.c
index 79b77aa..f8f30e2 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1341,6 +1341,15 @@ read_from_cmd_socket(int sock_fd, int event, void *anything)
     return;
   }
 
+  log_index = CLG_LogCommandAccess(&remote_ip, &cooked_now);
+
+  /* Don't reply to all requests from hosts other than localhost if the rate
+     is excessive */
+  if (!localhost && log_index >= 0 && CLG_LimitCommandResponseRate(log_index)) {
+      DEBUG_LOG("Command packet discarded to limit response rate");
+      return;
+  }
+
   expected_length = PKL_CommandLength(&rx_message);
   rx_command = ntohs(rx_message.command);
 
@@ -1384,15 +1393,6 @@ read_from_cmd_socket(int sock_fd, int event, void *anything)
 
   /* OK, we have a valid message.  Now dispatch on message type and process it. */
 
-  log_index = CLG_LogCommandAccess(&remote_ip, &cooked_now);
-
-  /* Don't reply to all requests from hosts other than localhost if the rate
-     is excessive */
-  if (!localhost && log_index >= 0 && CLG_LimitCommandResponseRate(log_index)) {
-      DEBUG_LOG("Command packet discarded to limit response rate");
-      return;
-  }
-
   if (rx_command >= N_REQUEST_TYPES) {
     /* This should be already handled */
     assert(0);