WebServer: Refuse to respond to requests for device files

Responding with some device files such as /dev/random never terminates, so let's just refuse that.
author: Max Wipfli <mail@maxwipfli.ch> 2021-06-07 16:54:38 +0200
committer: Andreas Kling <kling@serenityos.org> 2021-06-11 11:37:15 +0200
commit: 450a24c8c95a8c8dab9d96f25ba92a9d94c881ae (patch)
tree: e392d70c59bc24eb20cb5f5cf18f8e3582966708 /Userland/Services
parent: eb6adbabefb39477507dd5a3250aad272be09c25 (diff)
download: serenity-450a24c8c95a8c8dab9d96f25ba92a9d94c881ae.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Userland/Services/WebServer/Client.cpp b/Userland/Services/WebServer/Client.cpp
index 9e15f7bb9c..ba1d1ebfeb 100644
--- a/Userland/Services/WebServer/Client.cpp
+++ b/Userland/Services/WebServer/Client.cpp
@@ -116,6 +116,11 @@ void Client::handle_request(ReadonlyBytes raw_request)
         return;
     }
 
+    if (file->is_device()) {
+        send_error_response(403, request);
+        return;
+    }
+
     Core::InputFileStream stream { file };
 
     send_response(stream, request, Core::guess_mime_type_based_on_filename(real_path));
author	Max Wipfli <mail@maxwipfli.ch>	2021-06-07 16:54:38 +0200
committer	Andreas Kling <kling@serenityos.org>	2021-06-11 11:37:15 +0200
commit	450a24c8c95a8c8dab9d96f25ba92a9d94c881ae (patch)
tree	e392d70c59bc24eb20cb5f5cf18f8e3582966708 /Userland/Services
parent	eb6adbabefb39477507dd5a3250aad272be09c25 (diff)
download	serenity-450a24c8c95a8c8dab9d96f25ba92a9d94c881ae.zip