From ded6170bd2072971f72db794f3ab1625a8e13475 Mon Sep 17 00:00:00 2001
From: Platonides
Date: Mon, 7 May 2012 23:13:04 +0200
Subject: [PATCH] Treat truncated HTTP requests as errors.
We detect such prematurely ended request when there's a Content-Length greater than the body we got. A strict comparison would easily fail when there was a content encoding layer, but hopefully we won't hit a compressed request _larger_ than the original content. See http://thread.gmane.org/gmane.org.wikimedia.mediawiki/39622 for breakage caused by truncated HTTP replies.
Change-Id: I71418424730d46a781bde5cbfda8038457ec79c5
---
 includes/HttpFunctions.php | 6 ++++++
 languages/messages/MessagesEn.php | 1 +
 languages/messages/MessagesQqq.php | 1 +
 maintenance/language/messages.inc | 1 +
 4 files changed, 9 insertions(+)
diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index 6adef844a2..054a836c04 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -756,6 +756,12 @@ class CurlHttpRequest extends MWHttpRequest {
 $this->parseHeader();
 $this->setStatus();
+ if ( isset( $this->respHeaders['content-length'] ) ) {
+ if ( strlen( $this->content ) < $this->respHeaders['content-length'] ) {
+ $this->status->fatal( 'http-truncated-body' );
+ }
+ }
+
 return $this->status;
 }
diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index bb080780fd..34cb9f1499 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -2347,6 +2347,7 @@ For optimal security, img_auth.php is disabled.',
 'http-curl-error' => 'Error fetching URL: $1',
 'http-host-unreachable' => 'Could not reach URL.',
 'http-bad-status' => 'There was a problem during the HTTP request: $1 $2',
+'http-truncated-body' => 'The request body was only partially received.',
 # Some likely curl errors. More could be added from
 'upload-curl-error6' => 'Could not reach URL',
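Review bot: The comparison added to CurlHttpRequest in includes/HttpFunctions.php reads `$this->respHeaders['content-length']` raw, so it only works if that entry is a single numeric string; if parseHeader() (not visible in this hunk) stores each header as a list of values, PHP's int-to-array comparison is always true and every response carrying the header would be marked `http-truncated-body`. Fetching and validating the value first avoids that, for example `$len = $this->getResponseHeader( 'content-length' );` followed by `if ( $len !== null && ctype_digit( (string)$len ) && strlen( $this->content ) < (int)$len ) {`, assuming the class's accessor returns one value or null. A response that legitimately has no body despite a Content-Length (a HEAD request, a 304) would presumably also be flagged, so the check likely needs to be skipped for those cases. A short comment on the inner `if` should record that `<` rather than `!=` is deliberate because of content encoding, since that reasoning currently lives only in the commit message. The enclosing method starts above the hunk.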
diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php
index 2bce710c5d..9227ac7ac3 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -2016,6 +2016,7 @@ Siebrand think this has to do with allowing MediaWiki to fetch remote URLs, and
 If \'scheme\' is difficult to translate, then you could use \'prefix\' instead.',
 'http-bad-status' => '$1 is an HTTP error code (e.g. 404), $2 is the HTTP error message (e.g. File Not Found)',
+'http-truncated-body' => 'Seems the connection closed prematurely. The HTTP response contained a Content-length greated than the received body.',
 'license' => 'This appears in the upload form for the license drop-down. The header in the file description page is now at {{msg-mw|License-header}}.',
 'nolicense' => '{{Identical|None selected}}',
diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index d22449b8c3..bcc579260a 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -1445,6 +1445,7 @@ $wgMessageStructure = array(
 'http-curl-error',
 'http-host-unreachable',
 'http-bad-status',
+ 'http-truncated-body',
 ),
 'upload-curl-errors' => array(
--
2.20.1