From c9e4a82c046824edb53a2151584c61b83b5b873f Mon Sep 17 00:00:00 2001
From: Tim Ledbetter
Date: Fri, 15 Sep 2023 18:05:25 +0100
Subject: [PATCH] WebServer: Return 403 for a GET request to an inaccessible path

Previously, trying to access a non-readable file would cause a connection reset in the browser; trying to access a non-executable directory would show a completely empty directory listing.
---
 Userland/Services/WebServer/Client.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Userland/Services/WebServer/Client.cpp b/Userland/Services/WebServer/Client.cpp
index 8c3fcd7f16..d2f6663885 100644
--- a/Userland/Services/WebServer/Client.cpp
+++ b/Userland/Services/WebServer/Client.cpp
@@ -138,6 +138,12 @@ ErrorOr Client::handle_request(HTTP::HttpRequest const& request)
 auto index_html_path = TRY(String::formatted("{}/index.html", real_path));
 if (!FileSystem::exists(index_html_path)) {
+ auto is_searchable_or_error = Core::System::access(real_path.bytes_as_string_view(), X_OK);
+ if (is_searchable_or_error.is_error()) {
+ TRY(send_error_response(403, request));
+ return false;
+ }
+
 TRY(handle_directory_listing(requested_path, real_path, request));
 return true;
 }
@@ -149,6 +155,12 @@ ErrorOr Client::handle_request(HTTP::HttpRequest const& request)
 return false;
 }
+ auto is_readable_or_error = Core::System::access(real_path.bytes_as_string_view(), R_OK);
+ if (is_readable_or_error.is_error()) {
+ TRY(send_error_response(403, request));
+ return false;
+ }
+
 if (FileSystem::is_device(real_path.bytes_as_string_view())) {
 TRY(send_error_response(403, request));
 return false;
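Review bot: The directory guard in the first hunk tests only X_OK, but producing a listing needs read permission on the directory to enumerate its entries as well as search permission to stat them, so a directory that is searchable but not readable passes this check and still fails inside handle_directory_listing; `Core::System::access(real_path.bytes_as_string_view(), R_OK | X_OK)` covers both cases the commit message is about. Both hunks also report every access() failure as 403, not only a permission denial, so an ELOOP, ENAMETOOLONG or EIO result on the already-resolved path is answered as forbidden instead of being propagated through TRY the way the surrounding code handles errors. I would keep the 403 for EACCES and propagate anything else, e.g. `if (is_searchable_or_error.is_error() && is_searchable_or_error.error().code() != EACCES) return is_searchable_or_error.release_error();` ahead of the existing branch, and the same shape for is_readable_or_error in the second hunk. handle_request begins and ends outside both hunks.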
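Review bot: The R_OK check in the second hunk is a check-then-act: the decision is taken before the file is opened later in handle_request (outside the hunk), so it improves the status code but cannot be the authorization decision — permissions can change between the two calls, and on POSIX systems access(2) evaluates the real rather than the effective user and group IDs, so its answer can differ from what the open enforces. The open path therefore still needs to turn EACCES into a 403 rather than dropping the connection as the commit message describes, otherwise the symptom only moves instead of being fixed. A short comment above the new block would record that intent: `// Advisory only: gives a 403 instead of a dropped connection; the open below must still handle EACCES itself.`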