mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 01:37:34 +00:00
WebServer: Don't display file on directory listing if stat call fails
Previously, the program would crash when attempting to display a symlink which pointed outside of the permitted directory.
This commit is contained in:
parent
1dd0791c7e
commit
b2f0c50376
1 changed files with 7 additions and 6 deletions
|
@ -19,13 +19,13 @@
|
|||
#include <LibCore/File.h>
|
||||
#include <LibCore/MappedFile.h>
|
||||
#include <LibCore/MimeData.h>
|
||||
#include <LibCore/System.h>
|
||||
#include <LibFileSystem/FileSystem.h>
|
||||
#include <LibHTTP/HttpRequest.h>
|
||||
#include <LibHTTP/HttpResponse.h>
|
||||
#include <WebServer/Client.h>
|
||||
#include <WebServer/Configuration.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/stat.h>
|
||||
#include <unistd.h>
|
||||
|
||||
namespace WebServer {
|
||||
|
@ -290,13 +290,14 @@ ErrorOr<void> Client::handle_directory_listing(String const& requested_path, Str
|
|||
else
|
||||
TRY(path_builder.try_append(name));
|
||||
|
||||
struct stat st;
|
||||
memset(&st, 0, sizeof(st));
|
||||
int rc = stat(path_builder.to_deprecated_string().characters(), &st);
|
||||
if (rc < 0) {
|
||||
perror("stat");
|
||||
auto st_or_error = Core::System::stat(path_builder.string_view());
|
||||
if (st_or_error.is_error()) {
|
||||
warnln("Skipping file: '{}'. {}", path_builder.string_view(), strerror(st_or_error.error().code()));
|
||||
continue;
|
||||
}
|
||||
|
||||
auto st = st_or_error.release_value();
|
||||
|
||||
bool is_directory = S_ISDIR(st.st_mode);
|
||||
|
||||
TRY(builder.try_append("<tr>"sv));
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue