From fb83911aa68b0ac59263dc7070fc42e2755ce662 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Sun, 14 Jun 2026 12:13:42 +0200
Subject: [PATCH] socks_sspi: invalid response length is a fatal error

Pointed out by Zeropath
Closes #21999
---
 lib/socks_sspi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/socks_sspi.c b/lib/socks_sspi.c
index 8ab538fba1..ef3d1c6ba0 100644
--- a/lib/socks_sspi.c
+++ b/lib/socks_sspi.c
@@ -442,6 +442,7 @@ static CURLcode socks5_sspi_encrypt(struct Curl_cfilter *cf,
 if(sspi_w_token[1].cbBuffer != 1) {
 failf(data, "Invalid SSPI encryption response length (%lu).",
 (unsigned long)sspi_w_token[1].cbBuffer);
+ goto fail;
 }
 memcpy(socksreq, sspi_w_token[1].pvBuffer, sspi_w_token[1].cbBuffer);
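Review bot: The added `goto fail;` in socks5_sspi_encrypt() jumps without assigning an error code in the visible lines, so whether the caller sees a failure depends on what `result` (or whatever the function returns) holds at that point; the `fail:` label and the rest of the function body are outside the hunk. If that value can still be `CURLE_OK` here, the function would log the failf() message and then report success, so I would make the error explicit with `result = CURLE_COULDNT_CONNECT;` directly before `goto fail;`. It is also worth confirming that the `fail:` path releases `sspi_w_token[1].pvBuffer`, because this branch now leaves before the `memcpy()` that consumes it. A one-line comment such as `/* exactly one byte is expected here; any other length must not reach the memcpy() below */` would record why the length check is fatal.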