From da06ecb97b43736544a57a7421d35068eea2ac85 Mon Sep 17 00:00:00 2001
From: pptx704 <rafeed@omukk.dev>
Date: Mon, 13 Apr 2026 02:09:50 +0600
Subject: [PATCH] Fix file browser crash on non-regular files and connection
 leaks

- envd: reject non-regular files (devices, pipes, sockets) in GetFiles
  to prevent infinite reads from /dev/zero, /dev/urandom etc.
- host agent: add context cancellation check in ReadFileStream loop
  with proper Connect error codes
- frontend: abort in-flight file reads on file switch, directory
  navigation, and component teardown via AbortController
- frontend: guard against abort errors surfacing in UI, use try/finally
  for fileLoading state
---
 envd/internal/api/download.go               | 12 +++++
 frontend/src/lib/api/files.ts               | 20 ++++++--
 frontend/src/lib/components/FilesTab.svelte | 57 ++++++++++++++-------
 internal/hostagent/server.go                | 10 ++++
 4 files changed, 78 insertions(+), 21 deletions(-)

diff --git a/envd/internal/api/download.go b/envd/internal/api/download.go
index b90a8ac..0a2119e 100644
--- a/envd/internal/api/download.go
+++ b/envd/internal/api/download.go
@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
+// Modifications by M/S Omukk
 
 package api
 
@@ -106,6 +107,17 @@ func (a *API) GetFiles(w http.ResponseWriter, r *http.Request, params GetFilesPa
 		return
 	}
 
+	// Reject anything that isn't a regular file (devices, pipes, sockets, etc.).
+	// Reading device files like /dev/zero or /dev/urandom produces infinite data
+	// and will exhaust memory on all layers of the stack.
+	if !stat.Mode().IsRegular() {
+		errMsg = fmt.Errorf("path '%s' is not a regular file", resolvedPath)
+		errorCode = http.StatusBadRequest
+		jsonError(w, errorCode, errMsg)
+
+		return
+	}
+
 	// Validate Accept-Encoding header
 	encoding, err := parseAcceptEncoding(r)
 	if err != nil {
diff --git a/frontend/src/lib/api/files.ts b/frontend/src/lib/api/files.ts
index e89daad..d7ac54b 100644
--- a/frontend/src/lib/api/files.ts
+++ b/frontend/src/lib/api/files.ts
@@ -72,7 +72,11 @@ export async function listDir(capsuleId: string, path: string, depth = 1): Promi
 	}
 }
 
-export async function readFile(capsuleId: string, path: string): Promise<ApiResult<string>> {
+export async function readFile(
+	capsuleId: string,
+	path: string,
+	signal?: AbortSignal,
+): Promise<ApiResult<string>> {
 	try {
 		const headers: Record<string, string> = { 'Content-Type': 'application/json' };
 		if (auth.token) headers['Authorization'] = `Bearer ${auth.token}`;
@@ -81,6 +85,7 @@ export async function readFile(capsuleId: string, path: string): Promise<ApiResu
 			method: 'POST',
 			headers,
 			body: JSON.stringify({ path }),
+			signal,
 		});
 
 		if (!res.ok) {
@@ -95,12 +100,20 @@ export async function readFile(capsuleId: string, path: string): Promise<ApiResu
 		const blob = await res.blob();
 		const text = await blob.text();
 		return { ok: true, data: text };
-	} catch {
+	} catch (e) {
+		if (e instanceof DOMException && e.name === 'AbortError') {
+			return { ok: false, error: 'Request aborted' };
+		}
 		return { ok: false, error: 'Unable to connect to the server' };
 	}
 }
 
-export async function downloadFile(capsuleId: string, path: string, filename: string): Promise<void> {
+export async function downloadFile(
+	capsuleId: string,
+	path: string,
+	filename: string,
+	signal?: AbortSignal,
+): Promise<void> {
 	const headers: Record<string, string> = { 'Content-Type': 'application/json' };
 	if (auth.token) headers['Authorization'] = `Bearer ${auth.token}`;
 
@@ -108,6 +121,7 @@ export async function downloadFile(capsuleId: string, path: string, filename: st
 		method: 'POST',
 		headers,
 		body: JSON.stringify({ path }),
+		signal,
 	});
 
 	if (!res.ok) throw new Error('Download failed');
diff --git a/frontend/src/lib/components/FilesTab.svelte b/frontend/src/lib/components/FilesTab.svelte
index effce24..db7937f 100644
--- a/frontend/src/lib/components/FilesTab.svelte
+++ b/frontend/src/lib/components/FilesTab.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+	import { onDestroy } from 'svelte';
 	import {
 		listDir,
 		readFile,
@@ -37,6 +38,14 @@
 	let dirGeneration = 0;
 	let fileGeneration = 0;
 
+	// AbortController for in-flight file reads — aborted when the user
+	// selects a different file or the component is torn down.
+	let fileAbort: AbortController | null = null;
+
+	onDestroy(() => {
+		fileAbort?.abort();
+	});
+
 	const MAX_PREVIEW_LINES = 5000;
 	const MAX_HIGHLIGHT_LINES = 2000; // Don't tokenize huge files — diminishing returns
 
@@ -83,6 +92,10 @@
 	const canGoUp = $derived(currentPath !== '/' && currentPath.startsWith('/'));
 
 	async function navigateTo(path: string) {
+		// Abort any in-flight file read and invalidate stale generation so the
+		// abort error isn't surfaced in the UI.
+		fileAbort?.abort();
+		++fileGeneration;
 		currentPath = normalizePath(path);
 		pathInput = currentPath;
 		selectedFile = null;
@@ -146,6 +159,9 @@
 			return;
 		}
 
+		// Abort any in-flight file read before starting a new one.
+		fileAbort?.abort();
+
 		selectedFile = entry;
 		fileContent = null;
 		fileError = null;
@@ -159,26 +175,31 @@
 
 		fileLoading = true;
 		const gen = ++fileGeneration;
-		const result = await readFile(capsuleId, entry.path);
-		if (gen !== fileGeneration) return; // stale response — user clicked another file
-		if (result.ok) {
-			if (looksLikeBinary(result.data)) {
-				fileContent = null;
-			} else {
-				fileContent = result.data;
-				// Kick off highlighting in the background — preview shows plain text immediately.
-				// Only tokenize up to MAX_HIGHLIGHT_LINES to avoid freezing on large files.
-				const linesToHighlight = result.data.split('\n').length > MAX_HIGHLIGHT_LINES
-					? result.data.split('\n').slice(0, MAX_HIGHLIGHT_LINES).join('\n')
-					: result.data;
-				tokenize(linesToHighlight, entry.name).then((tokens) => {
-					if (gen === fileGeneration) highlightedTokens = tokens;
-				});
+		const controller = new AbortController();
+		fileAbort = controller;
+		try {
+			const result = await readFile(capsuleId, entry.path, controller.signal);
+			if (gen !== fileGeneration) return; // stale response — user clicked another file
+			if (result.ok) {
+				if (looksLikeBinary(result.data)) {
+					fileContent = null;
+				} else {
+					fileContent = result.data;
+					// Kick off highlighting in the background — preview shows plain text immediately.
+					// Only tokenize up to MAX_HIGHLIGHT_LINES to avoid freezing on large files.
+					const linesToHighlight = result.data.split('\n').length > MAX_HIGHLIGHT_LINES
+						? result.data.split('\n').slice(0, MAX_HIGHLIGHT_LINES).join('\n')
+						: result.data;
+					tokenize(linesToHighlight, entry.name).then((tokens) => {
+						if (gen === fileGeneration) highlightedTokens = tokens;
+					});
+				}
+			} else if (result.error !== 'Request aborted') {
+				fileError = result.error;
 			}
-		} else {
-			fileError = result.error;
+		} finally {
+			if (gen === fileGeneration) fileLoading = false;
 		}
-		fileLoading = false;
 	}
 
 	function looksLikeBinary(text: string): boolean {
diff --git a/internal/hostagent/server.go b/internal/hostagent/server.go
index 7c1315e..ff13954 100644
--- a/internal/hostagent/server.go
+++ b/internal/hostagent/server.go
@@ -516,6 +516,16 @@ func (s *Server) ReadFileStream(
 	// Stream file content in 64KB chunks.
 	buf := make([]byte, 64*1024)
 	for {
+		// Bail out early if the client disconnected or the context was cancelled.
+		select {
+		case <-ctx.Done():
+			if ctx.Err() == context.DeadlineExceeded {
+				return connect.NewError(connect.CodeDeadlineExceeded, ctx.Err())
+			}
+			return connect.NewError(connect.CodeCanceled, ctx.Err())
+		default:
+		}
+
 		n, err := resp.Body.Read(buf)
 		if n > 0 {
 			chunk := make([]byte, n)