From 3d44bfb08d4b230d2ad8b111469a8ae4c6957bca Mon Sep 17 00:00:00 2001 From: Michael Kaufmann Date: Thu, 21 May 2020 13:10:04 +0200 Subject: [PATCH] transfer: close connection after excess data has been read For HTTP 1.x, it's a protocol error when the server sends more bytes than announced. If this happens, don't reuse the connection, because the start position of the next response is undefined. Closes #5440 --- lib/transfer.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/transfer.c b/lib/transfer.c index cc13bae18..dc43cf6ce 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -838,6 +838,7 @@ static CURLcode readwrite_data(struct Curl_easy *data, ", maxdownload = %" CURL_FORMAT_CURL_OFF_T ", bytecount = %" CURL_FORMAT_CURL_OFF_T "\n", excess, k->size, k->maxdownload, k->bytecount); + connclose(conn, "excess found in a read"); } nread = (ssize_t) (k->maxdownload - k->bytecount);