extras/try_gzip_static: return 404 on ENOTDIR

Some attackers may try /path/to/file/foo where /path/to/file is actually a valid path to a regular file. Of course, requests like this work on dynamic websites, but not static file mappings because Unix directories and files cannot be the same thing.
author: Eric Wong <e@80x24.org> 2013-11-11 03:31:33 +0000
committer: Eric Wong <e@80x24.org> 2013-11-12 07:08:34 +0000
commit: 1d33205a7500f08c49e247af688877b0cc22cdfe (patch)
tree: 86768902cbeaaf7a8f8bbeb97d94940df7283aa5 /extras
parent: 340d96e9d389b96c1d709e58b8ac08d8faee935b (diff)
download: yahns-1d33205a7500f08c49e247af688877b0cc22cdfe.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/extras/try_gzip_static.rb b/extras/try_gzip_static.rb
index efe47f9..5e6a4e7 100644
--- a/extras/try_gzip_static.rb
+++ b/extras/try_gzip_static.rb
@@ -91,7 +91,7 @@ class TryGzipStatic
      begin
        st = File.stat(path)
        st.file? ? [ path, st ] : r(404)
-    rescue Errno::ENOENT
+    rescue Errno::ENOENT, Errno::ENOTDIR
        r(404)
      rescue Errno::EACCES
        r(403)
author	Eric Wong <e@80x24.org>	2013-11-11 03:31:33 +0000
committer	Eric Wong <e@80x24.org>	2013-11-12 07:08:34 +0000
commit	1d33205a7500f08c49e247af688877b0cc22cdfe (patch)
tree	86768902cbeaaf7a8f8bbeb97d94940df7283aa5 /extras
parent	340d96e9d389b96c1d709e58b8ac08d8faee935b (diff)
download	yahns-1d33205a7500f08c49e247af688877b0cc22cdfe.tar.gz