--- old/jdk/src/share/classes/sun/net/www/http/ChunkedInputStream.java 2013-02-07 17:07:14.000000000 +0100
+++ new/jdk/src/share/classes/sun/net/www/http/ChunkedInputStream.java 2013-02-07 17:07:14.000000000 +0100
@@ -125,6 +125,11 @@
 */
 private boolean closed;
 
+ /*
+ * Maximum chunk header size of 2KB + 2 bytes for CRLF
+ */
+ private final static int MAX_CHUNK_HEADER_SIZE = 2050;
+
 /**
 * State to indicate that next field should be :-
 * chunk-size [ chunk-extension ] CRLF
@@ -290,6 +295,10 @@
 break;
 }
 pos++;
+ if ((pos - rawPos) >= MAX_CHUNK_HEADER_SIZE) {
+ error = true;
+ throw new IOException("Chunk header too long");
+ }
 }
 if (pos >= rawCount) {
 return;
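Review bot: The new constant's comment is a plain `/*` block while the field documented right below it in this hunk uses `/**`, and it gives the number without saying what the limit is for. I would make it Javadoc and state the purpose, for example `/** Upper bound, in bytes, on a chunk header line including its CRLF (2KB + 2); longer headers are rejected. */`. The declaration also reads `private final static int`; unless the rest of the file already uses that order, the conventional form is `private static final int MAX_CHUNK_HEADER_SIZE = 2050;`.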
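Review bot: The length check added after `pos++` carries no comment explaining what it guards against, and the bound covers only this scan for the line feed that ends a chunk header. I would add above it `// Fail once the header exceeds the limit without a line feed, so a peer cannot keep the parser accumulating header bytes`; the accumulation itself is inferred, since the code that fills the raw buffer is outside the hunk. If the trailer-parsing state searches for line ends in the same way, it probably needs an equivalent bound, but that code is not visible here. The enclosing loop and method start and end outside the hunk, and the patch as shown contains no regression test; one that feeds 2050 header bytes with no line feed and expects the `IOException` would pin the boundary.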