ipn/ipnlocal: log and don't return full file serve error (#10174)

Previously we would return the full error from Stat or Open, possibily exposing the full file path. This change will log the error and return the generic error message "an error occurred reading the file or directory". Updates tailscale/corp#15485 Signed-off-by: Tyler Smalley <tyler@tailscale.com>
6 months ago · 90eb5379f4
parent 4f409012c5
commit 90eb5379f4
1 changed files with 4 additions and 2 deletions
--- a/ipn/ipnlocal/serve.go
+++ b/ipn/ipnlocal/serve.go
@ -757,7 +757,8 @@ func (b *LocalBackend) serveFileOrDirectory(w http.ResponseWriter, r *http.Reque
 			http.NotFound(w, r)
 			return
 		}
-		http.Error(w, err.Error(), 500)
+		b.logf("error calling stat on %s: %v", fileOrDir, err)
+		http.Error(w, "an error occurred reading the file or directory", 500)
 		return
 	}
 	if fi.Mode().IsRegular() {
@ -767,7 +768,8 @@ func (b *LocalBackend) serveFileOrDirectory(w http.ResponseWriter, r *http.Reque
 		}
 		f, err := os.Open(fileOrDir)
 		if err != nil {
-			http.Error(w, err.Error(), 500)
+			b.logf("error opening %s: %v", fileOrDir, err)
+			http.Error(w, "an error occurred reading the file or directory", 500)
 			return
 		}
 		defer f.Close()