fix(file-transfer): handle late tar pipe errors

vincentkoc · vincentkoc · commit b6e354f6ca74 · 2026-05-28T04:14:57.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -25,6 +25,7 @@ Docs: https://docs.openclaw.ai
 - Channels: thread canonical session keys into outbound hooks, preserve Matrix room-id case, keep fallback tool warnings mention-inert, retain delivered Slack final replies during late cleanup, continue iMessage polling after denied reactions, suppress duplicate native exec approvals, preserve Telegram SecretRef prompt config, suppress Discord recovered tool warnings, and block untrusted Teams service URLs. (#73706, #75670, #87366, #87451, #87334) Thanks @zeroaltitude, @lukeboyett, @xiaotian, and @eleqtrizit.
 - CLI/auth/doctor/providers: reject malformed numeric/timeout/subcommand-version inputs, wait for respawn child shutdown, bound Codex and GitHub Copilot OAuth/token requests, warm provider auth off the main thread, honor Codex response timeouts, bound local service startup, resolve GPT-5.5 without cached catalog, migrate legacy memory auto-provider config, rewrite non-canonical `api_key` auth profiles, and make doctor restart follow-ups actionable. (#87398, #86281, #87361) Thanks @Patrick-Erichsen, @samzong, @giodl73-repo, and @alkor2000.
 - Gateway/security/session state: expire browser tokens after auth rotation, scope assistant idempotency dedupe, drain probe client closes, avoid stale restart continuation reuse, preserve retry-after fallbacks, bound webchat image and artifact transcript scans, include seconds in inbound metadata timestamps, and evict current plugin-state namespaces at row caps.
+- File transfer: handle late tar stdin pipe errors after archive validation or unpacking has already settled.
 - Performance: trust install-record caches between reloads, prefer native JSON parsing, reuse unchanged tool-search catalogs, skip unchanged store serialization, add precomputed session patch writers, reduce store clone allocations, cache manifest model catalog rows and auto-enabled plugin config, and slim current metadata identity caches.
 - Docker/release/QA: package runtime workspace templates, stream cross-OS served artifacts, preserve sparse Crabbox run artifacts, bound OpenClaw instance logs, plugin gauntlet relay logs, MCP channel buffers, kitchen-sink scans, agent-turn assertions, and release scenario logs, and keep release/google live guards current.
 
diff --git a/extensions/file-transfer/src/shared/node-invoke-policy.ts b/extensions/file-transfer/src/shared/node-invoke-policy.ts
@@ -367,13 +367,28 @@ async function listDirFetchArchiveEntries(
     child.on("error", (error) => {
       clearTimeout(watchdog);
       if (!aborted) {
+        aborted = true;
         resolve({
           ok: false,
           code: "ARCHIVE_ENTRIES_UNREADABLE",
           reason: `tar -tzf error: ${String(error)}`,
         });
       }
     });
+    child.stdin.on("error", (error: NodeJS.ErrnoException) => {
+      if (aborted && error.code === "EPIPE") {
+        return;
+      }
+      clearTimeout(watchdog);
+      if (!aborted) {
+        aborted = true;
+        resolve({
+          ok: false,
+          code: "ARCHIVE_ENTRIES_UNREADABLE",
+          reason: `tar -tzf input error: ${String(error)}`,
+        });
+      }
+    });
     child.stdin.end(tarBuffer);
   });
 }
diff --git a/extensions/file-transfer/src/tools/dir-fetch-tool.test.ts b/extensions/file-transfer/src/tools/dir-fetch-tool.test.ts
@@ -1,8 +1,9 @@
+import { EventEmitter } from "node:events";
 import { spawn } from "node:child_process";
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
-import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { validateTarUncompressedBudget } from "./dir-fetch-tool.js";
 
 let tmpRoot: string;
@@ -57,3 +58,49 @@ describe("validateTarUncompressedBudget", () => {
     },
   );
 });
+
+describe("dir.fetch tar validation", () => {
+  it("ignores late stdin EPIPE after tar listing has already settled", async () => {
+    vi.resetModules();
+    vi.doMock("node:child_process", async (importOriginal) => {
+      const actual = await importOriginal<typeof import("node:child_process")>();
+      return {
+        ...actual,
+        spawn: vi.fn(() => {
+          const child = new EventEmitter() as EventEmitter & {
+            kill: ReturnType<typeof vi.fn>;
+            stderr: EventEmitter;
+            stdin: EventEmitter & { end: () => void };
+            stdout: EventEmitter;
+          };
+          const stdout = new EventEmitter();
+          const stderr = new EventEmitter();
+          const stdin = new EventEmitter() as EventEmitter & { end: () => void };
+          child.stdout = stdout;
+          child.stderr = stderr;
+          child.stdin = stdin;
+          child.kill = vi.fn();
+          stdin.end = () => {
+            queueMicrotask(() => {
+              stderr.emit("data", Buffer.from("invalid archive"));
+              child.emit("close", 2);
+              stdin.emit("error", Object.assign(new Error("write EPIPE"), { code: "EPIPE" }));
+            });
+          };
+          return child;
+        }),
+      };
+    });
+
+    try {
+      const { testing } = await import("./dir-fetch-tool.js");
+      await expect(testing.preValidateTarball(Buffer.from("x"))).resolves.toEqual({
+        ok: false,
+        reason: "tar -tzf exited 2: invalid archive",
+      });
+    } finally {
+      vi.doUnmock("node:child_process");
+      vi.resetModules();
+    }
+  });
+});
diff --git a/extensions/file-transfer/src/tools/dir-fetch-tool.ts b/extensions/file-transfer/src/tools/dir-fetch-tool.ts
@@ -139,9 +139,20 @@ async function listTarPaths(
     child.on("error", (e) => {
       clearTimeout(watchdog);
       if (!aborted) {
+        aborted = true;
         resolve({ ok: false, reason: `tar -tzf error: ${String(e)}` });
       }
     });
+    child.stdin.on("error", (e: NodeJS.ErrnoException) => {
+      if (aborted && e.code === "EPIPE") {
+        return;
+      }
+      clearTimeout(watchdog);
+      if (!aborted) {
+        aborted = true;
+        resolve({ ok: false, reason: `tar -tzf input error: ${String(e)}` });
+      }
+    });
     child.stdin.end(tarBuffer);
   });
 }
@@ -201,9 +212,20 @@ async function listTarTypeChars(
     child.on("error", (e) => {
       clearTimeout(watchdog);
       if (!aborted) {
+        aborted = true;
         resolve({ ok: false, reason: `tar -tzvf error: ${String(e)}` });
       }
     });
+    child.stdin.on("error", (e: NodeJS.ErrnoException) => {
+      if (aborted && e.code === "EPIPE") {
+        return;
+      }
+      clearTimeout(watchdog);
+      if (!aborted) {
+        aborted = true;
+        resolve({ ok: false, reason: `tar -tzvf input error: ${String(e)}` });
+      }
+    });
     child.stdin.end(tarBuffer);
   });
 }
@@ -386,28 +408,50 @@ async function unpackTar(tarBuffer: Buffer, destDir: string): Promise<void> {
       },
     );
     let stderrOut = "";
-    const watchdog = setTimeout(() => {
+    let settled = false;
+    let watchdog: ReturnType<typeof setTimeout>;
+    const fail = (error: Error): void => {
+      if (settled) {
+        return;
+      }
+      settled = true;
+      clearTimeout(watchdog);
+      reject(error);
+    };
+    const succeed = (): void => {
+      if (settled) {
+        return;
+      }
+      settled = true;
+      clearTimeout(watchdog);
+      resolve();
+    };
+    watchdog = setTimeout(() => {
       try {
         child.kill("SIGKILL");
       } catch {
         /* already gone */
       }
-      reject(new Error(`tar unpack timed out after ${TAR_UNPACK_TIMEOUT_MS}ms`));
+      fail(new Error(`tar unpack timed out after ${TAR_UNPACK_TIMEOUT_MS}ms`));
     }, TAR_UNPACK_TIMEOUT_MS);
     child.stderr.on("data", (chunk: Buffer) => {
       stderrOut += chunk.toString();
     });
     child.on("close", (code) => {
-      clearTimeout(watchdog);
       if (code !== 0) {
-        reject(new Error(`tar unpack exited ${code}: ${stderrOut.slice(0, 300)}`));
+        fail(new Error(`tar unpack exited ${code}: ${stderrOut.slice(0, 300)}`));
         return;
       }
-      resolve();
+      succeed();
     });
     child.on("error", (e) => {
-      clearTimeout(watchdog);
-      reject(e);
+      fail(e);
+    });
+    child.stdin.on("error", (e: NodeJS.ErrnoException) => {
+      if (settled && e.code === "EPIPE") {
+        return;
+      }
+      fail(e);
     });
     child.stdin.end(tarBuffer);
   });
@@ -677,3 +721,8 @@ export function createDirFetchTool(): AnyAgentTool {
     },
   };
 }
+
+export const testing = {
+  preValidateTarball,
+  validateTarUncompressedBudget,
+};
