1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 01:37:34 +00:00

WebServer: Don't display file on directory listing if stat call fails

Previously, the program would crash when attempting to display a symlink
which pointed outside of the permitted directory.
This commit is contained in:
Tim Ledbetter 2023-09-15 18:05:20 +01:00 committed by Andrew Kaster
parent 1dd0791c7e
commit b2f0c50376

View file

@ -19,13 +19,13 @@
#include <LibCore/File.h>
#include <LibCore/MappedFile.h>
#include <LibCore/MimeData.h>
#include <LibCore/System.h>
#include <LibFileSystem/FileSystem.h>
#include <LibHTTP/HttpRequest.h>
#include <LibHTTP/HttpResponse.h>
#include <WebServer/Client.h>
#include <WebServer/Configuration.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
namespace WebServer {
@ -290,13 +290,14 @@ ErrorOr<void> Client::handle_directory_listing(String const& requested_path, Str
else
TRY(path_builder.try_append(name));
struct stat st;
memset(&st, 0, sizeof(st));
int rc = stat(path_builder.to_deprecated_string().characters(), &st);
if (rc < 0) {
perror("stat");
auto st_or_error = Core::System::stat(path_builder.string_view());
if (st_or_error.is_error()) {
warnln("Skipping file: '{}'. {}", path_builder.string_view(), strerror(st_or_error.error().code()));
continue;
}
auto st = st_or_error.release_value();
bool is_directory = S_ISDIR(st.st_mode);
TRY(builder.try_append("<tr>"sv));