I have found the following two problems that HttpRequestParser is not properly handled with MAX_PARAMETERS and MAX_HEADERS settings:
1. Request query parameters and headers are not rejected with exact settings of MAX_PARAMETERS and MAX_HEADERS. For example, when MAX_PARAMETERS is set to 5, even if there are 6 query parameters in the request, they will be processed normally without being rejected. The request is rejected and the status code "400 Bad Request" is returned only when there are 7 or 8 query parameters in the request.
2. mapCount in handleQueryParameters() (and handlePathParameters()) are reset to 0 when handling next buffer of the same request. Therefore, the request is processed ithout being rejected with MAX_PARAMETERS even if number of query parameters exceeds.