From b692b88a5763a75ba1e4c724c1113b209f6b42e9 Mon Sep 17 00:00:00 2001
From: Dave Collins <davec@conformal.com>
Date: Mon, 18 Sep 2023 16:15:50 -0500
Subject: [PATCH] main: Add read header timeout to profile server.

The profiling server typically shouldn't be exposed to the public, so
this doesn't make a huge difference, but it's still good practice for
HTTP servers to have read timeouts.
---
 dcrd.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/dcrd.go b/dcrd.go
index 5ec101f05a..35d2a724ec 100644
--- a/dcrd.go
+++ b/dcrd.go
@@ -16,6 +16,7 @@ import (
 	"runtime/debug"
 	"runtime/pprof"
 	"strings"
+	"time"
 
 	"github.com/decred/dcrd/internal/blockchain"
 	"github.com/decred/dcrd/internal/blockchain/indexers"
@@ -109,12 +110,16 @@ func dcrdMain() error {
 	if cfg.Profile != "" {
 		go func() {
 			listenAddr := cfg.Profile
-			dcrdLog.Infof("Creating profiling server "+
-				"listening on %s", listenAddr)
+			dcrdLog.Infof("Creating profiling server listening on %s",
+				listenAddr)
 			profileRedirect := http.RedirectHandler("/debug/pprof",
 				http.StatusSeeOther)
 			http.Handle("/", profileRedirect)
-			err := http.ListenAndServe(listenAddr, nil)
+			server := &http.Server{
+				Addr:              listenAddr,
+				ReadHeaderTimeout: time.Second * 3,
+			}
+			err := server.ListenAndServe()
 			if err != nil {
 				fatalf(err.Error())
 			}