From a1f4561fb2f90269b6cf62b95190bc628997b8c1 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 19 Feb 2015 08:57:24 +0100
Subject: [PATCH 2/2] limit the number of newgroup attempts

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 auth.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/auth.c b/auth.c
index 3ccfab2..0b452d9 100644
--- a/auth.c
+++ b/auth.c
@@ -1218,6 +1218,7 @@ int cstp_obtain_cookie(struct openconnect_info *vpninfo)
 	char *orig_host = NULL, *orig_path = NULL, *form_path = NULL;
 	int orig_port = 0;
 	int cert_rq, cert_sent = !vpninfo->cert;
+	int newgroup_attempts = 5;
 
 #ifdef HAVE_LIBSTOKEN
 	/* Step 1: Unlock software token (if applicable) */
@@ -1241,6 +1242,11 @@ int cstp_obtain_cookie(struct openconnect_info *vpninfo)
 	 * c) Three redirects without seeing a plausible login form
 	 */
 newgroup:
+	if (newgroup_attempts-- <= 0) {
+		result = -1;
+		goto out;
+	}
+
 	buf_truncate(request_body);
 	result = xmlpost_initial_req(vpninfo, request_body, 0);
 	if (result < 0)
-- 
2.1.0