From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 14 Jun 2026 10:13:42 +0000 (+0200)
Subject: socks_sspi: invalid response length is a fatal error
X-Git-Tag: rc-8_21_0-3~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb83911aa68b0ac59263dc7070fc42e2755ce662;p=thirdparty%2Fcurl.git

socks_sspi: invalid response length is a fatal error

Pointed out by Zeropath
Closes #21999
---

diff --git a/lib/socks_sspi.c b/lib/socks_sspi.c
index 8ab538fba1..ef3d1c6ba0 100644
--- a/lib/socks_sspi.c
+++ b/lib/socks_sspi.c
@@ -442,6 +442,7 @@ static CURLcode socks5_sspi_encrypt(struct Curl_cfilter *cf,
     if(sspi_w_token[1].cbBuffer != 1) {
       failf(data, "Invalid SSPI encryption response length (%lu).",
             (unsigned long)sspi_w_token[1].cbBuffer);
+      goto fail;
     }
 
     memcpy(socksreq, sspi_w_token[1].pvBuffer, sspi_w_token[1].cbBuffer);