apache · necouchman · May 9, 2024 · May 6, 2024
diff --git a/...-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java b/...-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java
@@ -29,6 +29,8 @@
 import java.util.Map;
 import java.util.Set;
 import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
+import org.apache.guacamole.language.TranslatableGuacamoleClientOverrunException;
+import org.apache.guacamole.language.TranslatableMessage;
 import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.apache.guacamole.GuacamoleClientException;
@@ -89,6 +91,11 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
      */
     @Inject
     private GuacamoleTunnelService tunnelService;
+
+    /**
+     * Known limit for the size of the connection parameter values.
+     */
+    private static final int CONNECTION_PARAMETER_VALUE_LIMIT = 4096;
 
     @Override
     protected ModeledDirectoryObjectMapper<ConnectionModel> getObjectMapper() {
@@ -154,11 +161,50 @@ protected ObjectPermissionSet getParentEffectivePermissionSet(ModeledAuthenticat
 
     }
 
+    /**
+     * Validates that all connection parameter values are within the expected size limit.
+     *
+     * @param parameters
+     *     The map of connection parameter name/value pairs to validate.
+     *
+     * @throws GuacamoleClientException
+     *     If any of the parameter values exceed the defined limit.
+     */
+    private void validateParameters(Map<String, String> parameters) throws GuacamoleClientException {
+        // Iterate through each parameter to validate its size
+        for (Map.Entry<String, String> parameter : parameters.entrySet()) {
+            String value = parameter.getValue();
+
+            // Check if parameter value exceeds size limit
+            if (value != null && value.length() > CONNECTION_PARAMETER_VALUE_LIMIT) {
+
+                Map<String, Object> vars = new HashMap<>();
+                vars.put("MAX_SIZE", CONNECTION_PARAMETER_VALUE_LIMIT);
+                vars.put("PARAMETER_NAME", parameter.getKey());
+
+                // Create a translatable message with the error key and substitution variables
+                TranslatableMessage translatableMessage = new TranslatableMessage(
+                    "CONNECTION_PARAMETERS.DATABASE_PARAMETER_VALUE_TOO_LONG",
+                    vars
+                );
+
+                throw new TranslatableGuacamoleClientOverrunException(
+                    "The value provided for connection parameter \"" + parameter.getKey() +
+                    "\" exceeds the maximum allowed length.",
+                    translatableMessage
+                );
+            }
+        }
+    }
+
     @Override
     protected void beforeCreate(ModeledAuthenticatedUser user,
             Connection object, ConnectionModel model)
             throws GuacamoleException {
 
+        // Validate parameters before saving
+        validateParameters(object.getConfiguration().getParameters());
+
         super.beforeCreate(user, object, model);
 
         // Name must not be blank
@@ -177,6 +223,9 @@ protected void beforeUpdate(ModeledAuthenticatedUser user,
             ModeledConnection object, ConnectionModel model)
             throws GuacamoleException {
 
+        // Validate parameters before saving
+        validateParameters(object.getConfiguration().getParameters());
+
         super.beforeUpdate(user, object, model);
 
         // Name must not be blank

diff --git a/...camole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json b/...camole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json
@@ -108,6 +108,10 @@
 
         "SECTION_HEADER_RESTRICTIONS" : "Group Restrictions"
 
-    }
+    },
+
+    "CONNECTION_PARAMETERS": {
+        "DATABASE_PARAMETER_VALUE_TOO_LONG": "The value provided for connection parameter {PARAMETER_NAME} exceeds the maximum allowed length of {MAX_SIZE} {MAX_SIZE, plural, one{character} other{characters}}."
+    } 
 
 }