Describe the bug
Larger requests are not processed correctly. I discovered this while setting up KasmVNC behind Cloudflare Access, which adds a few long (but valid) headers (a few cookies, a base64-encoded client certificate, a JWT, etc.).
System Description
Provide the output of
root@1f621a4949d9:/# cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.19.1
PRETTY_NAME="Alpine Linux v3.19"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"
root@1f621a4949d9:/# uname -a
Linux 1f621a4949d9 6.5.11-linuxkit #1 SMP PREEMPT Wed Dec 6 17:08:31 UTC 2023 aarch64 GNU/Linux
root@1f621a4949d9:/#
KasmVNC Details
Provide the filename of the package you installed KasmVNC with. The filename includes important details like the OS, architecture, and commit sha.
Provide the output of this command.
root@1f621a4949d9:/# Xvnc -version
Xvnc KasmVNC 1.2.0 - built Mar 23 2024 18:46:06
Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)
See http://kasmweb.com for information on KasmVNC.
Underlying X server release 12014000, The X.Org Foundation
root@1f621a4949d9:/#
Confirmed. We're adding better logging and increasing the allowed request size. Very large headers are usually attacks instead of valid users, but Cloudflare cookies do seem large.
To Reproduce
Working request:
Broken request (few bytes more):
Expected behavior
KasmVNC continues to work with larger client requests.
Additional context
This doesn't seem to be the limit of individual header size, but rather a total client request size. It is possible to trigger this behaviour via multiple smaller headers. I believe the limit may come from https://raw.githubusercontent.com/kasmtech/KasmVNC/master/common/network/websocket.c
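The following is an added example, not code from the issue or from KasmVNC: a bisection probe for the total request size at which a server you operate stops handling requests, to tell a total-size limit apart from a per-header limit. The `X-Pad-*` header names, the host name, the 4096-byte limit of the offline stand-in and the success criterion in `tcp_probe` are all assumptions.

```python
import socket

# Constructed request head; host name and X-Pad-* header names are placeholders.
BASE = ["GET / HTTP/1.1", "Host: example.invalid",
        "Upgrade: websocket", "Connection: Upgrade"]

def build_request(n_headers, value_len):
    """Upgrade request padded with n_headers headers of value_len bytes each."""
    pad = [f"X-Pad-{i:04d}: {'a' * value_len}" for i in range(n_headers)]
    return ("\r\n".join(BASE + pad) + "\r\n\r\n").encode("ascii")

def fixed_buffer_server(cap):
    """Offline stand-in (assumed behaviour): the head must end within cap bytes."""
    def handles(request):
        return b"\r\n\r\n" in request[:cap]
    return handles

def tcp_probe(host, port, timeout=3.0):
    """Live check for a server you operate. Assumption: 'handled' means an HTTP
    status line comes back; adjust to whatever your deployment returns."""
    def handles(request):
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(request)
                return s.recv(16).startswith(b"HTTP/1.")
        except OSError:
            return False
    return handles

def largest_handled(handles, value_len, max_headers=4096):
    """Bisect the header count; return the byte length of the largest request
    still handled, or None if the limit lies outside the search range."""
    lo, hi = 0, max_headers
    if not handles(build_request(lo, value_len)) or handles(build_request(hi, value_len)):
        return None
    while hi - lo > 1:  # invariant: lo is handled, hi is not
        mid = (lo + hi) // 2
        if handles(build_request(mid, value_len)):
            lo = mid
        else:
            hi = mid
    return len(build_request(lo, value_len))

if __name__ == "__main__":
    server = fixed_buffer_server(4096)  # constructed limit, not KasmVNC's
    for value_len in (64, 1024):
        print(value_len, largest_handled(server, value_len))
```

If the thresholds for small and large header values both land within one header's length of the same total, the limit is on the whole request rather than on any single header.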