From 73c3bda8cd14ea2882b1f6b5065dc38ec219182c Mon Sep 17 00:00:00 2001
From: Lauri Kasanen <cand@gmx.com>
Date: Mon, 6 Nov 2023 13:59:37 +0200
Subject: [PATCH] Fix off-by-one in username length check

---
 common/network/websocket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/network/websocket.c b/common/network/websocket.c
index 816eb2e..6aa6e90 100644
--- a/common/network/websocket.c
+++ b/common/network/websocket.c
@@ -1794,7 +1794,7 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
         if (resppw && *resppw)
             resppw++;
         if (settings.passwdfile) {
-            if (resppw && *resppw && resppw - response < 32) {
+            if (resppw && *resppw && resppw - response < USERNAME_LEN + 1) {
                 char pwbuf[4096];
                 struct kasmpasswd_t *set = readkasmpasswd(settings.passwdfile);
                 if (!set->num) {