From 91f3ba5a3f6e3c76577b94c0a6c31974d5a3f077 Mon Sep 17 00:00:00 2001
From: Dave Borowitz
Date: Mon, 3 Jun 2013 12:15:23 -0700
Subject: [PATCH] Ensure clone.bundle files have proper header

Server auth middleware may return a 200 from a clone.bundle request that is not a bundle file, but instead a login or access denied page. Instead of just checking the file size, actually check the first few bytes of the file to ensure it is a bundle file before proceeding.

Change-Id: Icea07567c568a24fd838e5cf974c58f9e4abd7c0
---
 project.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/project.py b/project.py
index 5a7a6ca8..18e1131d 100644
--- a/project.py
+++ b/project.py
@@ -1804,7 +1804,7 @@ class Project(object):
 return False
 if os.path.exists(tmpPath):
- if curlret == 0 and os.stat(tmpPath).st_size > 16:
+ if curlret == 0 and self._IsValidBundle(tmpPath):
 os.rename(tmpPath, dstPath)
 return True
 else:
@@ -1813,6 +1813,17 @@ class Project(object):
 else:
 return False
+ def _IsValidBundle(self, path):
+ try:
+ with open(path) as f:
+ if f.read(16) == '# v2 git bundle\n':
+ return True
+ else:
+ print("Invalid clone.bundle file; ignoring.", file=sys.stderr)
+ return False
+ except OSError:
+ return False
+
 def _Checkout(self, rev, quiet=False):
 cmd = ['checkout']
 if quiet:
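Review bot: `_IsValidBundle` opens the downloaded file in text mode (`open(path)`) and compares the first 16 characters with a `str` literal, although a bundle carries binary pack data after its text header. Under Python 3 a text-mode read decodes a whole buffered chunk, so a genuine bundle could raise `UnicodeDecodeError`, which `except OSError:` does not catch; reading bytes avoids this, with `with open(path, 'rb') as f:` and `if f.read(16) == b'# v2 git bundle\n':`. If the file still has to run on Python 2, a failed `open()` raises `IOError`, which is not an `OSError` there, so the handler would need to be `except (IOError, OSError):` for the method to return False rather than propagate. A short docstring should also say that the header match only screens out login or access-denied pages served with a 200 and does not verify the integrity of the rest of the file.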