Index: wp-includes/class-http.php
===================================================================
--- wp-includes/class-http.php	(revision 17659)
+++ wp-includes/class-http.php	(working copy)
@@ -681,16 +681,18 @@
 			if ( ! $stream_handle )
 				return new WP_Error( 'http_request_failed', sprintf( __( 'Could not open handle for fopen() to %s' ), $r['filename'] ) );
 
+			$bytes_written = 0;
+
 			while ( ! feof($handle) ) {
 				$block = fread( $handle, 4096 );
 				if ( $bodyStarted ) {
-					fwrite( $stream_handle, $block );
+					$bytes_written += fwrite( $stream_handle, $block );
 				} else {
 					$strResponse .= $block;
 					if ( strpos( $strResponse, "\r\n\r\n" ) ) {
 						$process = WP_Http::processResponse( $strResponse );
 						$bodyStarted = true;
-						fwrite( $stream_handle, $process['body'] );
+						$bytes_written += fwrite( $stream_handle, $process['body'] );
 						unset( $strResponse );
 						$process['body'] = '';
 					}
@@ -714,6 +716,12 @@
 
 		$arrHeaders = WP_Http::processHeaders( $process['headers'] );
 
+		//Check the file was fully written to disk
+		if ( $r['stream'] && isset( $arrHeaders['headers']['content-length'] ) && (int)$arrHeaders['headers']['content-length'] > $bytes_written ) {
+			unlink($r['filename']);
+			return new WP_Error('http_request_failed', __('Failed to write full file to disk.') );
+		}
+
 		// If location is found, then assume redirect and redirect to location.
 		if ( isset($arrHeaders['headers']['location']) && 0 !== $r['_redirection'] ) {
 			if ( $r['redirection']-- > 0 ) {
@@ -882,7 +890,7 @@
 			if ( ! $stream_handle )
 				return new WP_Error( 'http_request_failed', sprintf( __( 'Could not open handle for fopen() to %s' ), $r['filename'] ) );
 
-			stream_copy_to_stream( $handle, $stream_handle );
+			$bytes_written = stream_copy_to_stream( $handle, $stream_handle );
 
 			fclose( $stream_handle );
 			$strResponse = '';
@@ -900,6 +908,14 @@
 		else
 			$processedHeaders = WP_Http::processHeaders($meta['wrapper_data']);
 
+		//Check the file was fully written to disk
+		if ( $r['stream'] && isset( $processedHeaders['headers']['content-length'] ) ) {
+			if ( (int)$processedHeaders['headers']['content-length'] > $bytes_written && ! ( $bytes_written === 1 && 0 === (int)$processedHeaders['headers']['content-length'] ) ) { // PHP Bug: http://bugs.php.net/bug.php?id=47997 fixed in 5.2.10
+				unlink($r['filename']);
+				return new WP_Error('http_request_failed', __('Failed to write full file to disk.') );
+			}
+		}
+
 		// Streams does not provide an error code which we can use to see why the request stream stoped.
 		// We can however test to see if a location header is present and return based on that.
 		if ( isset($processedHeaders['headers']['location']) && 0 !== $args['_redirection'] )
@@ -1110,8 +1126,14 @@
 
 		curl_close( $handle );
 
-		if ( $r['stream'] )
+		if ( $r['stream'] ) {
 			fclose( $stream_handle );
+			// Check the file was fully written to disk
+			if ( isset( $theHeaders['headers']['content-length'] ) && (int)$theHeaders['headers']['content-length'] > filesize( $r['filename'] ) ) {
+				unlink($r['filename']);
+				return new WP_Error( 'http_request_failed', __('Failed to write full file to disk.' ) );
+			}
+		}
 
 		// See #11305 - When running under safe mode, redirection is disabled above. Handle it manually.
 		if ( ! empty( $theHeaders['headers']['location'] ) && ( ini_get( 'safe_mode' ) || ini_get( 'open_basedir' ) ) && 0 !== $r['_redirection'] ) {