Merge branch 'feature/KASM-2665_bad_pw_403' into 'master'

Return 403 for too large Auth headers (attack)

Closes KASM-2665

See merge request kasm-technologies/internal/KasmVNC!44
Matthew McClaskey 2022-05-24 14:55:05 +00:00
commit 330eb47142


@ -948,6 +948,16 @@ notfound:
return 0; return 0;
} }
static void send403(ws_ctx_t *ws_ctx) {
const char response[] = "HTTP/1.1 403 Forbidden\r\n"
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"\r\n"
"403 Forbidden";
ws_send(ws_ctx, response, strlen(response));
}
static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in) { static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in) {
char buf[4096], path[4096]; char buf[4096], path[4096];
uint8_t ret = 0; // 0 = continue checking uint8_t ret = 0; // 0 = continue checking
@ -1622,8 +1632,9 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
hdr += sizeof("Authorization: Basic ") - 1; hdr += sizeof("Authorization: Basic ") - 1;
const char *end = strchr(hdr, '\r'); const char *end = strchr(hdr, '\r');
if (!end || end - hdr > 256) { if (!end || end - hdr > 256) {
handler_emsg("Client sent invalid BasicAuth, dropping connection\n"); handler_emsg("Client sent invalid BasicAuth, 403 forbidden\n");
bl_addFailure(ip); bl_addFailure(ip);
send403(ws_ctx);
free_ws_ctx(ws_ctx); free_ws_ctx(ws_ctx);
return NULL; return NULL;
} }
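Review bot: `send403` in the first hunk has no comment on its contract and discards the return value of `ws_send`; since every caller shown drops the connection right after, that is acceptable, but a line such as `/* Best-effort: the caller frees the context and closes the socket immediately after, so a failed send is not reported. */` above the function would make the intent explicit for the next reader. The response carries no `Content-Length:`; with `Connection: close` it is still a valid HTTP/1.1 response, but adding `"Content-Length: 13\r\n"` (the body `403 Forbidden` is 13 bytes) lets a client or proxy delimit the body without waiting for the close. `strlen(response)` on a fixed string-literal array can be `sizeof response - 1`, avoiding the runtime scan. In the second hunk the enclosing `do_handshake` starts and ends outside the hunk, so whether the same reject path exists for other malformed headers cannot be confirmed from here.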