mirror of
https://github.com/kasmtech/KasmVNC.git
synced 2024-12-01 12:33:20 +01:00
Merge branch 'feature/KASM-2665_bad_pw_403' into 'master'
Return 403 for too large Auth headers (attack) Closes KASM-2665 See merge request kasm-technologies/internal/KasmVNC!44
This commit is contained in:
commit
330eb47142
@ -948,6 +948,16 @@ notfound:
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void send403(ws_ctx_t *ws_ctx) {
|
||||||
|
const char response[] = "HTTP/1.1 403 Forbidden\r\n"
|
||||||
|
"Server: KasmVNC/4.0\r\n"
|
||||||
|
"Connection: close\r\n"
|
||||||
|
"Content-type: text/plain\r\n"
|
||||||
|
"\r\n"
|
||||||
|
"403 Forbidden";
|
||||||
|
ws_send(ws_ctx, response, strlen(response));
|
||||||
|
}
|
||||||
|
|
||||||
static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in) {
|
static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in) {
|
||||||
char buf[4096], path[4096];
|
char buf[4096], path[4096];
|
||||||
uint8_t ret = 0; // 0 = continue checking
|
uint8_t ret = 0; // 0 = continue checking
|
||||||
@ -1622,8 +1632,9 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
|
|||||||
hdr += sizeof("Authorization: Basic ") - 1;
|
hdr += sizeof("Authorization: Basic ") - 1;
|
||||||
const char *end = strchr(hdr, '\r');
|
const char *end = strchr(hdr, '\r');
|
||||||
if (!end || end - hdr > 256) {
|
if (!end || end - hdr > 256) {
|
||||||
handler_emsg("Client sent invalid BasicAuth, dropping connection\n");
|
handler_emsg("Client sent invalid BasicAuth, 403 forbidden\n");
|
||||||
bl_addFailure(ip);
|
bl_addFailure(ip);
|
||||||
|
send403(ws_ctx);
|
||||||
free_ws_ctx(ws_ctx);
|
free_ws_ctx(ws_ctx);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user