From d4e565e595e569250c25b867e7d994cf441348fa Mon Sep 17 00:00:00 2001
From: Anis Elleuch <vadmeste@users.noreply.github.com>
Date: Thu, 2 Jun 2022 17:16:26 +0100
Subject: [PATCH] Add defensive check for one stream message size (#15029)

In a streaming response, the client knows the size of a streamed
message but never checks the message size. Add the check to error
out if the response message is truncated.
---
 cmd/storage-rest-server.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmd/storage-rest-server.go b/cmd/storage-rest-server.go
index 99a1d03c9..309461657 100644
--- a/cmd/storage-rest-server.go
+++ b/cmd/storage-rest-server.go
@@ -1067,10 +1067,13 @@ func waitForHTTPStream(respBody io.ReadCloser, w io.Writer) error {
 				return err
 			}
 			length := binary.LittleEndian.Uint32(tmp[:])
-			_, err = io.CopyBuffer(w, io.LimitReader(respBody, int64(length)), buf)
+			n, err := io.CopyBuffer(w, io.LimitReader(respBody, int64(length)), buf)
 			if err != nil {
 				return err
 			}
+			if n != int64(length) {
+				return io.ErrUnexpectedEOF
+			}
 			continue
 		case 32:
 			continue