ServeDir to call fallback for invalid filenames (#586)

aryaveersr · web-flow · commit cf3046f22662 · 2025-06-20T12:38:34.000Z
diff --git a/tower-http/CHANGELOG.md b/tower-http/CHANGELOG.md
@@ -10,8 +10,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## Fixed
 
 - `on_eos` is now called even for successful responses. ([#580])
+- `ServeDir`: call fallback when filename is invalid ([#586])
 
 [#580]: https://github.com/tower-rs/tower-http/pull/580
+[#586]: https://github.com/tower-rs/tower-http/pull/586
 
 # 0.6.6
 
diff --git a/tower-http/src/services/fs/serve_dir/future.rs b/tower-http/src/services/fs/serve_dir/future.rs
@@ -105,7 +105,7 @@ where
                         break Poll::Ready(Ok(res));
                     }
 
-                    Ok(OpenFileOutput::FileNotFound) => {
+                    Ok(OpenFileOutput::FileNotFound | OpenFileOutput::InvalidFilename) => {
                         if let Some((mut fallback, request)) = fallback_and_request.take() {
                             call_fallback(&mut fallback, request)
                         } else {
diff --git a/tower-http/src/services/fs/serve_dir/open_file.rs b/tower-http/src/services/fs/serve_dir/open_file.rs
@@ -10,7 +10,7 @@ use http_range_header::RangeUnsatisfiableError;
 use std::{
     ffi::OsStr,
     fs::Metadata,
-    io::{self, SeekFrom},
+    io::{self, ErrorKind, SeekFrom},
     ops::RangeInclusive,
     path::{Path, PathBuf},
 };
@@ -23,6 +23,7 @@ pub(super) enum OpenFileOutput {
     PreconditionFailed,
     NotModified,
     InvalidRedirectUri,
+    InvalidFilename,
 }
 
 pub(super) struct FileOpened {
@@ -110,7 +111,15 @@ pub(super) async fn open_file(
         })))
     } else {
         let (mut file, maybe_encoding) =
-            open_file_with_fallback(path_to_file, negotiated_encodings).await?;
+            match open_file_with_fallback(path_to_file, negotiated_encodings).await {
+                Ok(result) => result,
+
+                Err(err) if is_invalid_filename_error(&err) => {
+                    return Ok(OpenFileOutput::InvalidFilename)
+                }
+                Err(err) => return Err(err),
+            };
+
         let meta = file.metadata().await?;
         let last_modified = meta.modified().ok().map(LastModified::from);
         if let Some(output) = check_modified_headers(
@@ -141,6 +150,26 @@ pub(super) async fn open_file(
     }
 }
 
+fn is_invalid_filename_error(err: &io::Error) -> bool {
+    // Only applies to NULL bytes
+    if err.kind() == ErrorKind::InvalidInput {
+        return true;
+    }
+
+    // FIXME: Remove when MSRV >= 1.87.
+    // `io::ErrorKind::InvalidFilename` is stabilized in v1.87
+    #[cfg(windows)]
+    if let Some(raw_err) = err.raw_os_error() {
+        // https://github.com/rust-lang/rust/blob/70e2b4a4d197f154bed0eb3dcb5cac6a948ff3a3/library/std/src/sys/pal/windows/mod.rs
+        // Lines 81 and 115
+        if (raw_err == 123) || (raw_err == 161) || (raw_err == 206) {
+            return true;
+        }
+    }
+
+    false
+}
+
 fn check_modified_headers(
     modified: Option<&LastModified>,
     if_unmodified_since: Option<IfUnmodifiedSince>,
diff --git a/tower-http/src/services/fs/serve_dir/tests.rs b/tower-http/src/services/fs/serve_dir/tests.rs
@@ -834,3 +834,46 @@ async fn calls_fallback_on_invalid_paths() {
 
     assert_eq!(res.headers()["from-fallback"], "1");
 }
+
+// https://github.com/tower-rs/tower-http/issues/573
+#[tokio::test]
+async fn calls_fallback_on_invalid_filenames() {
+    async fn fallback<T>(_: T) -> Result<Response<Body>, Infallible> {
+        let mut res = Response::new(Body::empty());
+        res.headers_mut()
+            .insert("from-fallback", "1".parse().unwrap());
+        Ok(res)
+    }
+
+    let svc = ServeDir::new("..").fallback(service_fn(fallback));
+
+    let req = Request::builder()
+        .uri("/invalid|path")
+        .body(Body::empty())
+        .unwrap();
+
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.headers()["from-fallback"], "1");
+}
+
+#[tokio::test]
+async fn calls_fallback_on_null() {
+    async fn fallback<T>(_: T) -> Result<Response<Body>, Infallible> {
+        let mut res = Response::new(Body::empty());
+        res.headers_mut()
+            .insert("from-fallback", "1".parse().unwrap());
+        Ok(res)
+    }
+
+    let svc = ServeDir::new("..").fallback(service_fn(fallback));
+
+    let req = Request::builder()
+        .uri("/invalid-path%00")
+        .body(Body::empty())
+        .unwrap();
+
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.headers()["from-fallback"], "1");
+}

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ where`
`105`	`105`	`break Poll::Ready(Ok(res));`
`106`	`106`	`}`
`107`	`107`
`108`		`- Ok(OpenFileOutput::FileNotFound) => {`
	`108`	`+ Ok(OpenFileOutput::FileNotFound \| OpenFileOutput::InvalidFilename) => {`
`109`	`109`	`if let Some((mut fallback, request)) = fallback_and_request.take() {`
`110`	`110`	`call_fallback(&mut fallback, request)`
`111`	`111`	`} else {`