Merge branch '4.0.x'

Closes gh-50163

Author: wilkinsona

module/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/livereload/ConnectionInputStream.java

@@ -31,6 +31,8 @@ class ConnectionInputStream extends FilterInputStream {
 
 	private static final int BUFFER_SIZE = 4096;
 
+	private static final int MAX_HEADER_SIZE = 8192;
+
 	ConnectionInputStream(InputStream in) {
 		super(in);
 	}
@@ -45,11 +47,16 @@ class ConnectionInputStream extends FilterInputStream {
 	String readHeader() throws IOException {
 		byte[] buffer = new byte[BUFFER_SIZE];
 		StringBuilder content = new StringBuilder(BUFFER_SIZE);
-		while (content.indexOf(HEADER_END) == -1) {
+		while (content.indexOf(HEADER_END) == -1 && content.length() < MAX_HEADER_SIZE) {
 			int amountRead = checkedRead(buffer, 0, BUFFER_SIZE);
 			content.append(new String(buffer, 0, amountRead));
 		}
-		return content.substring(0, content.indexOf(HEADER_END));
+
+		int endIndex = content.indexOf(HEADER_END);
+		if (endIndex == -1) {
+			throw new IOException("Malformed header");
+		}
+		return content.substring(0, endIndex);
 	}
 
 	/**

module/spring-boot-devtools/src/test/java/org/springframework/boot/devtools/livereload/ConnectionInputStreamTests.java

@@ -20,6 +20,7 @@
 import java.io.FilterInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Random;
 
 import org.junit.jupiter.api.Test;
 
@@ -47,6 +48,14 @@ void readHeader() throws Exception {
 		assertThat(inputStream.readHeader()).isEqualTo(header);
 	}
 
+	@Test
+	void readHeaderThrowsWhenHeaderIsMalformed() {
+		byte[] header = new byte[10000];
+		new Random().nextBytes(header);
+		ConnectionInputStream inputStream = new ConnectionInputStream(new ByteArrayInputStream(header));
+		assertThatIOException().isThrownBy(inputStream::readHeader).withMessage("Malformed header");
+	}
+
 	@Test
 	void readFully() throws Exception {
 		byte[] bytes = "the data that we want to read fully".getBytes();