Requests which resolve to a FIFO cause denial of service #2

Closed
multiplexd opened this issue Jun 30, 2017 · 2 comments

@multiplexd

If the requested URL resolves to a FIFO then merecat opens and reads it like a regular file, which leads to a hang (blocking read on the FIFO). Note that this prevents any further connections from being handled. See here for reference.

@troglobit
Owner

Thank you for the bug report! 😃

I think I've found the fix in thttpgpd mentioned on the mailing list,
https://github.com/mmuman/thttpgpd/blob/master/src/libhttpd.c#L3725

Simplified:

```c
/* If it is not a regular file or a dir, forbid access. */
else if (!S_ISREG(hc->sb.st_mode)) {
	httpd_send_err(hc, 403, err403title, "",
		       ERROR_FORM(err403form,
				  "The requested URL '%.80s' does not resolve to a regular file or a directory"),
		       hc->encodedurl);
	return -1;
}
```

However, I'm considering a 404 instead of 403. Feels like a bit too "blabby" by the web server to leak the above meta data?
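
The check discussed above, as an added example that is not part of the original thread and is not merecat's or thttpgpd's code: open with `O_NONBLOCK` so the open itself cannot hang on a FIFO, then test the file type with `fstat()` on the descriptor before any read. The names `open_regular` and `demo` are hypothetical, and the FIFO and file under `/tmp` are constructed fixtures.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not merecat's API): return an fd only for a regular
 * file; otherwise return -1 with errno set. */
int open_regular(const char *path)
{
	struct stat sb;
	/* O_NONBLOCK: open() on a FIFO with no writer returns at once. */
	int fd = open(path, O_RDONLY | O_NONBLOCK);

	if (fd < 0)
		return -1;
	/* fstat() the descriptor, not the path, so the type check and the
	 * later read() refer to the same object. */
	if (fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode))
		return fd;
	close(fd);
	errno = EACCES;	/* FIFO, socket, device, directory: refuse */
	return -1;
}

/* Constructed fixture: a FIFO and a regular file in a temporary directory.
 * Returns 0 when the FIFO is refused and the regular file is accepted. */
int demo(void)
{
	char dir[] = "/tmp/fifo-demo-XXXXXX", fifo[64], file[64];
	int fd, rc = 0;
	if (!mkdtemp(dir))
		return -1;
	snprintf(fifo, sizeof(fifo), "%s/pipe", dir);
	snprintf(file, sizeof(file), "%s/index.html", dir);
	if (mkfifo(fifo, 0600) < 0 || (fd = creat(file, 0600)) < 0)
		rc = -1;
	else {
		close(fd);
		if ((fd = open_regular(fifo)) >= 0) { close(fd); rc |= 1; }
		if ((fd = open_regular(file)) < 0) rc |= 2; else close(fd);
	}
	unlink(fifo); unlink(file); rmdir(dir);
	return rc;
}

int main(void) { return demo(); }
```

Directories are refused by this helper as well, so a server that serves directory listings has to handle them on a separate path.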

@troglobit troglobit self-assigned this Jun 30, 2017
@troglobit
Owner

Should be fixed in ffd8fe6. Feel free to re-open the issue should the problem persist!

Thank you again for reporting the bug, not only does it help Open Source in general, it reminded me I need to finalize the work I've done but not yet officially released (HTTPS support etc.)! 😃
