From 450a24c8c95a8c8dab9d96f25ba92a9d94c881ae Mon Sep 17 00:00:00 2001 From: Max Wipfli Date: Mon, 7 Jun 2021 16:54:38 +0200 Subject: WebServer: Refuse to respond to requests for device files Responding with some device files such as /dev/random never terminates, so let's just refuse that. --- Userland/Services/WebServer/Client.cpp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Userland/Services') diff --git a/Userland/Services/WebServer/Client.cpp b/Userland/Services/WebServer/Client.cpp index 9e15f7bb9c..ba1d1ebfeb 100644 --- a/Userland/Services/WebServer/Client.cpp +++ b/Userland/Services/WebServer/Client.cpp @@ -116,6 +116,11 @@ void Client::handle_request(ReadonlyBytes raw_request) return; } + if (file->is_device()) { + send_error_response(403, request); + return; + } + Core::InputFileStream stream { file }; send_response(stream, request, Core::guess_mime_type_based_on_filename(real_path)); -- cgit v1.2.3