Limit Server::inBuf growth (#1898)

After a ReadNow() call, the buffer length must not exceed accumulation
limits (e.g., client_request_buffer_max_size). SBuf::reserve() alone
cannot reliably enforce those limits because it does not decrease SBuf
space; various SBuf manipulations may lead to excessive SBuf space. When
filled by ReadNow(), that space exceeds the limit.

This change uses documented CommIoCbParams::size trick to limit how much
Comm::ReadNow() may read, obeying SQUID_TCP_SO_RCVBUF (server-to-Squid)
and client_request_buffer_max_size (client-to-Squid) accumulation limit.

diff --git a/src/adaptation/icap/Xaction.cc b/src/adaptation/icap/Xaction.cc
index c25d36c2a2ee694a88d49a21d0b1212eb85e0589..d4ea81b65444090a21780f4822599babf102e095 100644 (file)
--- a/src/adaptation/icap/Xaction.cc
+++ b/src/adaptation/icap/Xaction.cc
@@ -442,6 +442,7 @@ void Adaptation::Icap::Xaction::noteCommRead(const CommIoCbParams &io)
 
     CommIoCbParams rd(this); // will be expanded with ReadNow results
     rd.conn = io.conn;
+    rd.size = SQUID_TCP_SO_RCVBUF - readBuf.length();
 
     switch (Comm::ReadNow(rd, readBuf)) {
     case Comm::INPROGRESS:

diff --git a/src/servers/Server.cc b/src/servers/Server.cc
index 10c1ed0a19f3c92068ad022b0ec84240c0ac6e65..a9aeb9415c9fc98119975ea7afb7e985973c23a8 100644 (file)
--- a/src/servers/Server.cc
+++ b/src/servers/Server.cc
@@ -146,6 +146,9 @@ Server::doClientRead(const CommIoCbParams &io)
 
     CommIoCbParams rd(this); // will be expanded with ReadNow results
     rd.conn = io.conn;
+    Assure(Config.maxRequestBufferSize > inBuf.length());
+    rd.size = Config.maxRequestBufferSize - inBuf.length();
+
     switch (Comm::ReadNow(rd, inBuf)) {
     case Comm::INPROGRESS: