From d8c32b1e820e7e3fee84792caf37e493faf7d6cd Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Thu, 25 Jun 2020 14:02:43 -0700 Subject: [PATCH] GUACAMOLE-474: Enforce download disable option at low level, warning if not blocked at higher level as expected. --- src/common-ssh/sftp.c | 9 +++++++++ src/protocols/rdp/download.c | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/src/common-ssh/sftp.c b/src/common-ssh/sftp.c index e12fbf55..eba7a7f7 100644 --- a/src/common-ssh/sftp.c +++ b/src/common-ssh/sftp.c @@ -516,6 +516,15 @@ guac_stream* guac_common_ssh_sftp_download_file( guac_stream* stream; LIBSSH2_SFTP_HANDLE* file; + /* Ignore download if downloads have been disabled */ + if (filesystem->disable_download) { + guac_user_log(user, GUAC_LOG_WARNING, "A download attempt has " + "been blocked due to downloads being disabled, however it " + "should have been blocked at a higher level. This is likely " + "a bug."); + return NULL; + } + /* Attempt to open file for reading */ file = libssh2_sftp_open(filesystem->sftp_session, filename, LIBSSH2_FXF_READ, 0); diff --git a/src/protocols/rdp/download.c b/src/protocols/rdp/download.c index 34a8c8a1..fad2932a 100644 --- a/src/protocols/rdp/download.c +++ b/src/protocols/rdp/download.c @@ -185,6 +185,15 @@ void* guac_rdp_download_to_user(guac_user* user, void* data) { if (filesystem == NULL) return NULL; + /* Ignore download if downloads have been disabled */ + if (filesystem->disable_download) { + guac_client_log(client, GUAC_LOG_WARNING, "A download attempt has " + "been blocked due to downloads being disabled, however it " + "should have been blocked at a higher level. This is likely " + "a bug."); + return NULL; + } + /* Attempt to open requested file */ char* path = (char*) data; int file_id = guac_rdp_fs_open(filesystem, path,