Index: main/http.c
===================================================================
--- main/http.c	(revision 381342)
+++ main/http.c	(working copy)
@@ -612,6 +612,8 @@
 	ast_uri_decode(s);
 }
 
+#define MAX_POST_CONTENT 1025
+
 /*
  * get post variables from client Request Entity-Body, if content type is
  * application/x-www-form-urlencoded
@@ -644,6 +646,13 @@
 		return NULL;
 	}
 
+	if (content_length > MAX_POST_CONTENT - 1) {
+		ast_log(LOG_WARNING, "Excessively long HTTP content. %d is greater than our max of %d\n",
+				content_length, MAX_POST_CONTENT);
+		ast_http_send(ser, AST_HTTP_POST, 413, "Request Entity Too Large", NULL, NULL, 0, 0);
+		return NULL;
+	}
+
 	buf = ast_malloc(content_length + 1);
 	if (!buf) {
 		return NULL;
