[ota] Add wall-clock timeout to OTA data transfer loop (#16047)

esphome/components/esphome/ota/ota_esphome.cpp

@@ -292,6 +292,7 @@ void ESPHomeOTAComponent::handle_data_() {
   bool update_started = false;
   size_t total = 0;
   uint32_t last_progress = 0;
+  uint32_t last_data_ms = 0;
   uint8_t buf[OTA_BUFFER_SIZE];
   char *sbuf = reinterpret_cast<char *>(buf);
   size_t ota_size;
@@ -350,8 +351,18 @@ void ESPHomeOTAComponent::handle_data_() {
   // Acknowledge MD5 OK - 1 byte
   this->write_byte_(ota::OTA_RESPONSE_BIN_MD5_OK);
 
+  // Track when we last received data so a silently-vanished peer (no FIN/RST
+  // delivered, e.g. uploader killed mid-transfer or NAT/router dropped state)
+  // can't wedge the device indefinitely. Without this, the loop only exits
+  // on actual data, EOF, or a non-EWOULDBLOCK error from read(), and lwIP
+  // TCP keepalive isn't enabled here.
+  last_data_ms = millis();
   while (total < ota_size) {
-    // TODO: timeout check
+    if (millis() - last_data_ms > OTA_SOCKET_TIMEOUT_DATA) {
+      ESP_LOGW(TAG, "No data received for %u ms", (unsigned) OTA_SOCKET_TIMEOUT_DATA);
+      error_code = ota::OTA_RESPONSE_ERROR_UNKNOWN;
+      goto error;  // NOLINT(cppcoreguidelines-avoid-goto)
+    }
     size_t remaining = ota_size - total;
     size_t requested = remaining < OTA_BUFFER_SIZE ? remaining : OTA_BUFFER_SIZE;
     ssize_t read = this->client_->read(buf, requested);
@@ -369,6 +380,7 @@ void ESPHomeOTAComponent::handle_data_() {
       goto error;  // NOLINT(cppcoreguidelines-avoid-goto)
     }
 
+    last_data_ms = millis();
     error_code = this->backend_->write(buf, read);
     if (error_code != ota::OTA_RESPONSE_OK) {
       ESP_LOGW(TAG, "Flash write err %d", error_code);