From cdb5949b782a521d0a5566671315a76722ff19bc Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Mon, 26 Aug 2019 20:43:52 +0100
Subject: [PATCH] Maximum length of profile data

---
 daemon.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/daemon.py b/daemon.py
index 3e995e241..56b35a26b 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2130,6 +2130,11 @@ class PubServer(BaseHTTPRequestHandler):
                     self.server.POSTbusy=False
                     return
                 length = int(self.headers['Content-length'])
+                if length>self.server.maxProfileDataLength:
+                    print('Maximum profile data length exceeded '+str(length))
+                    self._redirect_headers(actorStr,cookie)
+                    self.server.POSTbusy=False
+                    return
                 postBytes=self.rfile.read(length)
                 msg = email.parser.BytesParser().parsebytes(postBytes)                
                 messageFields=msg.get_payload(decode=False).split(boundary)
@@ -3121,6 +3126,7 @@ def runDaemon(projectVersion, \
     httpd.maxQueueLength=16
     httpd.ocapAlways=ocapAlways
     httpd.maxMessageLength=5000
+    httpd.maxProfileDataLength=3*1024*1024
     httpd.maxImageSize=10*1024*1024
     httpd.allowDeletion=allowDeletion
     httpd.lastLoginTime=0