From 06e6cfa2113c5bd39ded4f27fc0e1a60c030ffa3 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Mon, 20 Apr 2026 20:02:41 -0600
Subject: [PATCH] fix(formmailer): cap request body with MaxBytesReader

ParseMultipartForm(maxFormSize) caps post-header bytes but doesn't bound the raw body transfer, so a slow/chunked POST can burn server time before rejection. Wrap r.Body in http.MaxBytesReader so the transport cuts off over-size bodies immediately.
---
 net/formmailer/formmailer.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/formmailer/formmailer.go b/net/formmailer/formmailer.go
index be336be..ff87da0 100644
--- a/net/formmailer/formmailer.go
+++ b/net/formmailer/formmailer.go
@@ -208,6 +208,7 @@ func (fm *FormMailer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ r.Body = http.MaxBytesReader(w, r.Body, maxFormSize)
 if err := r.ParseMultipartForm(maxFormSize); err != nil {
 http.Error(w, "form too large or invalid", http.StatusBadRequest)
 return
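Review bot: `http.MaxBytesReader` on the added line limits how many body bytes are read, not how long the read may take, so a client that trickles a body just under `maxFormSize` still occupies the handler for as long as the server's read timeout allows; that timeout is set outside this hunk and should be confirmed. I would record the split in a comment above the line, e.g. `// Hard cap on total body bytes (multipart framing included); slow senders are bounded by the server's ReadTimeout, not here.` The argument to `ParseMultipartForm` is its in-memory threshold rather than a size limit, so this new line is the only real size cap on the request. An over-limit body also falls into the existing 400 branch; declaring `var tooBig *http.MaxBytesError` and answering `http.StatusRequestEntityTooLarge` when `errors.As(err, &tooBig)` matches would let clients and logs tell oversize from malformed input. ServeHTTP starts and ends outside the hunk.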