From dfadb5a7baa5c67f7aeb88cf75f67830eef894b8 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Thu, 5 Feb 2026 19:56:04 +0000
Subject: [PATCH] truncate chunked PUT at sizelimit; closes #1272

---
 copyparty/authsrv.py |  4 ++--
 copyparty/httpcli.py | 16 +++++++++++++++-
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py
index 763a45fe..cc350f3e 100644
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -249,9 +249,9 @@ class Lim(object):
             return
 
         x = broker.ask(volgetter, ptop)
-        nbytes, nfiles = x.get()
+        self.c_vb_v, nfiles = x.get()
 
-        if self.vbmax and self.vbmax < nbytes + sz:
+        if self.vbmax and self.vbmax < self.c_vb_v + sz:
             raise Pebkac(400, "volume has exceeded max size")
 
         if self.vnmax and self.vnmax < nfiles + 1:
diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py
index 0b2b3d91..7679f4cd 100644
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -2618,9 +2618,23 @@ class HttpCli(object):
         else:
             f, fn = ren_open(fn, *open_a, **params)
 
+        max_sz = 0
+        if lim and remains < 0:
+            if lim.vbmax:
+                max_sz = lim.c_vb_v
+            if lim.smax and (not max_sz or max_sz > lim.smax):
+                max_sz = lim.smax
+
         try:
             path = os.path.join(fdir, fn)
-            post_sz, sha_hex, sha_b64 = copier(reader, f, hasher, 0, self.args.s_wr_slp)
+            post_sz, sha_hex, sha_b64 = copier(
+                reader, f, hasher, max_sz, self.args.s_wr_slp
+            )
+        except:
+            if max_sz and self.sr.nb >= max_sz:
+                f.close()  # windows
+                wunlink(self.log, path, vfs.flags)
+            raise
         finally:
             f.close()