From 3de5727139f2c3026730ee6b1aea0301b80904ed Mon Sep 17 00:00:00 2001
From: Aaron Ogburn
Date: Thu, 29 Jun 2023 17:01:05 -0400
Subject: [PATCH] [UNDERTOW-2289] limit SavedRequest's buffer allocation to the request length
---
 .../src/main/java/io/undertow/servlet/util/SavedRequest.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/servlet/src/main/java/io/undertow/servlet/util/SavedRequest.java b/servlet/src/main/java/io/undertow/servlet/util/SavedRequest.java
index 61aaf54fab..5ffd602097 100644
--- a/servlet/src/main/java/io/undertow/servlet/util/SavedRequest.java
+++ b/servlet/src/main/java/io/undertow/servlet/util/SavedRequest.java
@@ -89,6 +89,10 @@ public static void trySaveRequest(final HttpServerExchange exchange) {
 UndertowLogger.REQUEST_LOGGER.debugf("Request to %s was to large to save", exchange.getRequestURI());
 return;//failed to save the request, we just return
 }
+ // we don't need to size the buffer larger than a known request length
+ if (requestContentLength > 0) {
+ maxSize = (int) requestContentLength;
+ }
 //TODO: we should really be used pooled buffers
 //TODO: we should probably limit the number of saved requests at any given time
 byte[] buffer = new byte[maxSize];
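Review bot: The narrowing cast in `maxSize = (int) requestContentLength;` is only safe if the guard just above the added lines has already rejected lengths greater than `maxSize`; that condition sits outside the hunk, so the dependency cannot be confirmed from here. Making the bound local, `maxSize = (int) Math.min(maxSize, requestContentLength);`, keeps the allocation capped even if the earlier check is later changed or reordered. Requests with no declared length (and, because the test is `> 0`, presumably those declaring a length of zero) still allocate the full `maxSize` per saved request, so the memory-pressure concern in the remaining TODO about limiting the number of saved requests is reduced but not closed by this change. trySaveRequest starts and ends outside the hunk.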