From 90eb5379f439a74538af6f3fbda81367bd917205 Mon Sep 17 00:00:00 2001
From: Tyler Smalley <tyler@tailscale.com>
Date: Thu, 16 Nov 2023 10:53:40 -0800
Subject: [PATCH] ipn/ipnlocal: log and don't return full file serve error
 (#10174)

Previously we would return the full error from Stat or Open, possibily exposing the full file path. This change will log the error and return the generic error message "an error occurred reading the file or directory".

Updates tailscale/corp#15485

Signed-off-by: Tyler Smalley <tyler@tailscale.com>
---
 ipn/ipnlocal/serve.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ipn/ipnlocal/serve.go b/ipn/ipnlocal/serve.go
index 2f2cfe5ea..c637a09be 100644
--- a/ipn/ipnlocal/serve.go
+++ b/ipn/ipnlocal/serve.go
@@ -757,7 +757,8 @@ func (b *LocalBackend) serveFileOrDirectory(w http.ResponseWriter, r *http.Reque
 			http.NotFound(w, r)
 			return
 		}
-		http.Error(w, err.Error(), 500)
+		b.logf("error calling stat on %s: %v", fileOrDir, err)
+		http.Error(w, "an error occurred reading the file or directory", 500)
 		return
 	}
 	if fi.Mode().IsRegular() {
@@ -767,7 +768,8 @@ func (b *LocalBackend) serveFileOrDirectory(w http.ResponseWriter, r *http.Reque
 		}
 		f, err := os.Open(fileOrDir)
 		if err != nil {
-			http.Error(w, err.Error(), 500)
+			b.logf("error opening %s: %v", fileOrDir, err)
+			http.Error(w, "an error occurred reading the file or directory", 500)
 			return
 		}
 		defer f.Close()