From e9b5e22ad121ef2251d1c72526c0994c03d2caf0 Mon Sep 17 00:00:00 2001
From: Felix Lange <fjl@users.noreply.github.com>
Date: Mon, 26 Mar 2018 19:46:37 +0800
Subject: rpc: limit chunked requests (#16343)

---
 rpc/http.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rpc/http.go b/rpc/http.go
index 9805d69b6..e8f51150f 100644
--- a/rpc/http.go
+++ b/rpc/http.go
@@ -169,7 +169,8 @@ func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// All checks passed, create a codec that reads direct from the request body
 	// untilEOF and writes the response to w and order the server to process a
 	// single request.
-	codec := NewJSONCodec(&httpReadWriteNopCloser{r.Body, w})
+	body := io.LimitReader(r.Body, maxRequestContentLength)
+	codec := NewJSONCodec(&httpReadWriteNopCloser{body, w})
 	defer codec.Close()
 
 	w.Header().Set("content-type", contentType)
-- 
cgit v1.2.3