From 3425726c503f7822508071b113e1cc5492d538e7 Mon Sep 17 00:00:00 2001
From: Nick Craig-Wood <nick@craig-wood.com>
Date: Wed, 24 Nov 2021 13:08:25 +0000
Subject: [PATCH] oauthutil: fix crash when webrowser requests /robots.txt -
 fixes #5836

Before this change the oauth webserver would crash if it received a
request to /robots.txt.

This patch makes it ignore (with 404 error) any paths it isn't
expecting.
---
 lib/oauthutil/oauthutil.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/oauthutil/oauthutil.go b/lib/oauthutil/oauthutil.go
index 2203a0e47..56c936d71 100644
--- a/lib/oauthutil/oauthutil.go
+++ b/lib/oauthutil/oauthutil.go
@@ -691,6 +691,11 @@ func newAuthServer(opt *Options, bindAddress, state, authURL string) *authServer
 
 // Receive the auth request
 func (s *authServer) handleAuth(w http.ResponseWriter, req *http.Request) {
+	if req.URL.Path != "/" {
+		fs.Debugf(nil, "Ignoring %s request on auth server to %q", req.Method, req.URL.Path)
+		http.NotFound(w, req)
+		return
+	}
 	fs.Debugf(nil, "Received %s request on auth server to %q", req.Method, req.URL.Path)
 
 	// Reply with the response to the user and to the channel
@@ -752,10 +757,6 @@ func (s *authServer) Init() error {
 	}
 	s.server.SetKeepAlivesEnabled(false)
 
-	mux.HandleFunc("/favicon.ico", func(w http.ResponseWriter, req *http.Request) {
-		http.Error(w, "", http.StatusNotFound)
-		return
-	})
 	mux.HandleFunc("/auth", func(w http.ResponseWriter, req *http.Request) {
 		state := req.FormValue("state")
 		if state != s.state {