From aa2b24d861fd5635ea2a6f5be2977b14eb68d57b Mon Sep 17 00:00:00 2001 From: Mechiel Lukkien Date: Wed, 5 Mar 2025 21:27:32 +0100 Subject: [PATCH] webserver: don't raise a 500 server error for static file requests with overlong names The Open call returns an errno ENAMETOOLONG. We didn't handle that specially, so turned it into a "500 internal server error" response. When serving static files, we should just return "404 file not found" errors. The file obviously does not exist. Saw a few overlong requests from bad bots not recognizing "data:" uri's inlined in html files, trying to request them. --- http/webserver.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/http/webserver.go b/http/webserver.go index 34ce8ef..71c4f17 100644 --- a/http/webserver.go +++ b/http/webserver.go @@ -215,6 +215,9 @@ func HandleStatic(h *config.WebStatic, compress bool, w http.ResponseWriter, r * } http.NotFound(w, r) return true + } else if errors.Is(err, syscall.ENAMETOOLONG) { + http.NotFound(w, r) + return true } else if os.IsPermission(err) { // If we tried opening a directory, we may not have permission to read it, but // still access files inside it (execute bit), such as index.html. So try to serve it.