authorFedor Indutny <fedor.indutny@gmail.com>2012-01-16 01:45:31 +0600
committerFedor Indutny <fedor.indutny@gmail.com>2012-01-16 02:45:05 +0600
commit8a98c2f1d81cabb6594dc388789d60d2f3f67c09 (patch)
tree2c07a8026b7e28255e399d2f04707f2f4eaad949 /lib/querystring.js
parent93465d30511db82d0f759905d0cde52c8d5ea53e (diff)
http, querystring: added limits to prevent DoS
Diffstat (limited to 'lib/querystring.js')
-rw-r--r--lib/querystring.js14
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/querystring.js b/lib/querystring.js
index 58b90250c4..f2038f5b21 100644
--- a/lib/querystring.js
+++ b/lib/querystring.js
@@ -160,16 +160,24 @@ QueryString.stringify = QueryString.encode = function(obj, sep, eq, name) {
};
// Parse a key=val string.
-QueryString.parse = QueryString.decode = function(qs, sep, eq) {
+QueryString.parse = QueryString.decode = function(qs, sep, eq, options) {
sep = sep || '&';
eq = eq || '=';
- var obj = {};
+ var obj = {},
+ maxKeys = options && options.maxKeys || 1000;
if (typeof qs !== 'string' || qs.length === 0) {
return obj;
}
- qs.split(sep).forEach(function(kvp) {
+ qs = qs.split(sep);
+
+ // maxKeys <= 0 means that we should not limit keys count
+ if (maxKeys > 0) {
+ qs = qs.slice(0, maxKeys);
+ }
+
+ qs.forEach(function(kvp) {
var x = kvp.split(eq);
var k = QueryString.unescape(x[0], true);
var v = QueryString.unescape(x.slice(1).join(eq), true);
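Review bot: The default on the `maxKeys` line uses `||`, so an explicit `maxKeys: 0` is falsy and silently becomes 1000. The new comment says `maxKeys <= 0` disables the limit, but only a negative value actually does; `maxKeys = options && typeof options.maxKeys === 'number' ? options.maxKeys : 1000;` would make 0 behave as documented. Separately, `qs.split(sep)` still builds the full array for an arbitrarily long query string before `slice` trims it, so the cap bounds the keys that get decoded, not the split allocation. Passing the limit to split, `qs = maxKeys > 0 ? qs.split(sep, maxKeys) : qs.split(sep);`, bounds both and makes the separate `slice` unnecessary. The `forEach` callback and the rest of the function continue past the end of this hunk, so how duplicate keys count against the limit is not visible here.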