Skip to content

Commit

Permalink
WebServer: Refuse to respond to requests for device files
Browse files Browse the repository at this point in the history 
Responding with some device files such as /dev/random never terminates,
so let's just refuse that.
  • Loading branch information
@MaxWipfli @awesomekling
MaxWipfli authored and awesomekling committed Jun 11, 2021
1 parent eb6adba commit 450a24c
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions Userland/Services/WebServer/Client.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,11 @@ void Client::handle_request(ReadonlyBytes raw_request)
return;
}

if (file->is_device()) {
send_error_response(403, request);
return;
}

Core::InputFileStream stream { file };

send_response(stream, request, Core::guess_mime_type_based_on_filename(real_path));
Expand Down

0 comments on commit 450a24c

Please sign in to comment.