From 06d66fa47292b34ff1dfb91b0ba9268d76894321 Mon Sep 17 00:00:00 2001 From: Doug MacEachern Date: Mon, 4 Dec 2017 14:29:40 -0800 Subject: [PATCH] toolbox: validate request offset in ListFiles The ListFiles handler assumed the 'offset' param was always valid. It could be invalid if client-side logic is wrong or directory contents have shrunk in between calls. Either way, we reply with '0' remaining files in this case as open-vm-tools does. Fixes #934 --- toolbox/command.go | 7 +++++-- toolbox/command_test.go | 4 ++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/toolbox/command.go b/toolbox/command.go index 84d4b808a..83fd0173a 100644 --- a/toolbox/command.go +++ b/toolbox/command.go @@ -511,8 +511,11 @@ func (c *CommandServer) ListFiles(header vix.CommandRequestHeader, data []byte) offset := r.Body.Offset + uint64(r.Body.Index) total := uint64(len(files)) - offset - - files = files[offset:] + if int(offset) < len(files) { + files = files[offset:] + } else { + total = 0 // offset is not valid (open-vm-tools behaves the same in this case) + } var remaining uint64 diff --git a/toolbox/command_test.go b/toolbox/command_test.go index 57a4a037c..267620a1d 100644 --- a/toolbox/command_test.go +++ b/toolbox/command_test.go @@ -821,6 +821,10 @@ func TestVixFiles(t *testing.T) { t.Errorf("expected %d, got %d", max, total) } + // Test invalid offset, making sure it doesn't cause panic (issue #934) + ls.Body.Offset += 10 + _ = c.Request(vix.CommandListFiles, ls) + // mv $dir ${dir}-old mv = &vix.RenameFileRequest{ OldPathName: dir,