Check the saved file length + md5 hash at upload processing. (#8728)

Author: isoos

app/lib/package/backend.dart

@@ -915,6 +915,19 @@ class PackageBackend {
       _logger.info('Examining tarball content ($guid).');
       final sw = Stopwatch()..start();
       final file = File(filename);
+      final fileLength = await file.length();
+      if (fileLength != info.length) {
+        _logger.warning(
+            'Saved file length mismatch ($fileLength != ${info.length}).');
+        throw InvalidInputException(
+            'Failed to save uploaded file: length mismatch.');
+      }
+      final md5Hash = (await file.openRead().transform(md5).single).bytes;
+      if (!md5Hash.byteToByteEquals(info.md5Hash)) {
+        _logger.warning('Saved file md5 mismatch.');
+        throw InvalidInputException(
+            'Failed to save uploaded file: md5 mismatch.');
+      }
       final sha256Hash = (await file.openRead().transform(sha256).single).bytes;
       final archive = await summarizePackageArchive(
         filename,