[GUACAMOLE-587] RDP connections fail due to Guacamole protocol violation - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.0.0
Fix Version/s: 1.0.0
Component/s: libguac
Labels:
None

Description

The implementation of the Guacamole protocol within libguac enforces a limit on the number of elements a instruction may contain to ensure instruction space cannot be exhausted without bound by a malicious client. This limit is currently set at 64:

/**
 * The maximum number of elements per instruction, including the opcode.
 */
#define GUAC_INSTRUCTION_MAX_ELEMENTS 64

As ~~GUACAMOLE-445~~ added a 64th parameter to RDP, this means the client cannot send its connect response to the initial args instruction during the Guacamole protocol handshake without exceeding this limit, and connections cannot be established:

...
guacd[7]: ERROR:        Guacamole protocol violation. Perhaps the version of guacamole-client is incompatible with this version of libguac?
guacd[7]: DEBUG:        Error reading "connect": Instruction parse error
...