From 638369923793499beae7d2aaea0c6b53a8eed275 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 26 Aug 2021 15:59:44 +0200 Subject: [PATCH] BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB As seen in commit 5ef965606 ("BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords"), configs with large values of tune.bufsize were not practically usable since Lua was introduced, regardless of the machine's available memory. In addition, HTX encoding already limits block sizes to 256 MB, thus it is not technically possible to use that large a buffer size when HTTP is in use. This is absurdly high anyway, and for example Lua initialization would take around one minute on a 4 GHz CPU. Better prevent such a config from starting than having to deal with bug reports that make no sense. The check is only enforced if at least one HTX proxy was found, as there is no techincal reason to block it for configs that are solely based on raw TCP, and it could still be imagined that some such might exist with single connections (e.g. a log forwarder that buffers to cover for the storage I/O latencies). This should be backported to all HTX-enabled versions (2.0 and above). (cherry picked from commit 32b51cdf303cb30425000f1db6ecdae5de84ff8d) [wt: minor ctx adj] Signed-off-by: Willy Tarreau (cherry picked from commit 95d0810ddec6d778bf8a08f4369bacbc0f19ad6e) Signed-off-by: Willy Tarreau --- src/cfgparse.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/cfgparse.c b/src/cfgparse.c index aeb2814..8a05271 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -2239,6 +2239,11 @@ int check_config_validity() } next_pxid++; + if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize >= (256 << 20) && ONLY_ONCE()) { + ha_alert("global.tune.bufsize must be below 256 MB when HTTP is in use (current value = %d).\n", + global.tune.bufsize); + cfgerr++; + } if (curproxy->disabled) { /* ensure we don't keep listeners uselessly bound. We -- 1.7.10.4