beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 23:50:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

WebServer: Return 403 for a GET request to an inaccessible path

Browse source 
Previously, trying to access a non-readable file would cause a
connection reset in the browser; trying to access a non-executable
directory would show a completely empty directory listing.
This commit is contained in:
Tim Ledbetter 2023-09-15 18:05:25 +01:00 committed by Andrew Kaster
parent b2f0c50376
commit c9e4a82c04
Notes: sideshowbarker 2024-07-16 20:51:53 +09:00 
Author: https://github.com/tcl3
Commit: https://github.com/SerenityOS/serenity/commit/c9e4a82c04
Pull-request: https://github.com/SerenityOS/serenity/pull/21096
Reviewed-by: https://github.com/ADKaster
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
Userland/Services/WebServer/Client.cpp
View file

@ -138,6 +138,12 @@ ErrorOr<bool> Client::handle_request(HTTP::HttpRequest const& request)
auto index_html_path = TRY(String::formatted("{}/index.html", real_path));
if (!FileSystem::exists(index_html_path)) {
auto is_searchable_or_error = Core::System::access(real_path.bytes_as_string_view(), X_OK);
if (is_searchable_or_error.is_error()) {
TRY(send_error_response(403, request));
return false;
}
TRY(handle_directory_listing(requested_path, real_path, request));
return true;
}
@ -149,6 +155,12 @@ ErrorOr<bool> Client::handle_request(HTTP::HttpRequest const& request)
return false;
}
auto is_readable_or_error = Core::System::access(real_path.bytes_as_string_view(), R_OK);
if (is_readable_or_error.is_error()) {
TRY(send_error_response(403, request));
return false;
}
if (FileSystem::is_device(real_path.bytes_as_string_view())) {
TRY(send_error_response(403, request));
return false;