From 26c8b5896580891b3e2dcdf515dedb15e145b6e2 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 20 Mar 2024 15:28:01 -0700
Subject: [PATCH] Messaging Filtering

1. Add a case for user authentication messages after user authentication
   completes.
---
 src/internal.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 6575c3b9c..3adeda6e1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -586,6 +586,14 @@ INLINE static int IsMessageAllowedServer(WOLFSSH *ssh, byte msg)
             return 0;
         }
     }
+    else {
+        if (msg >= MSGID_USERAUTH_RESTRICT && msg < MSGID_USERAUTH_LIMIT) {
+            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by server "
+                    "after user authentication", msg);
+            return 0;
+        }
+    }
+
     return 1;
 }
 #endif /* NO_WOLFSSH_SERVER */
@@ -617,6 +625,13 @@ INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
             return 0;
         }
     }
+    else {
+        if (msg >= MSGID_USERAUTH_RESTRICT && msg < MSGID_USERAUTH_LIMIT) {
+            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by client "
+                    "after user authentication", msg);
+            return 0;
+        }
+    }
     return 1;
 }
 #endif /* NO_WOLFSSH_CLIENT */