From fc730c8b1cabca69f67156cb867cf605470ed39d Mon Sep 17 00:00:00 2001
From: Solderpunk <solderpunk@sdf.org>
Date: Thu, 4 Jun 2020 23:24:19 +0200
Subject: [PATCH] Refuse to serve any sensitive files.

---
 handler.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/handler.go b/handler.go
index 30568ae..1c0afa4 100644
--- a/handler.go
+++ b/handler.go
@@ -106,6 +106,14 @@ func handleGeminiRequest(conn net.Conn, config Config, logEntries chan LogEntry)
 		return
 	}
 
+	// Paranoid security measure:
+	// Fail if the URL has mapped to our TLS files or the log
+	if path == config.CertPath || path == config.KeyPath || path == config.LogPath {
+		conn.Write([]byte("51 Not found!\r\n"))
+		log.Status = 51
+		return
+	}
+
 	// Handle directories
 	if info.IsDir() {
 		// Redirect to add trailing slash if missing