MINOR: cfgparse: limit file size loaded via /dev/stdin

load_cfg_in_mem() can continuously reallocate memory in order to load an
extremely large input from /dev/stdin, until it fails with ENOMEM, which means
that process has consumed all available RAM. In case of containers and
virtualized environments it's not very good.

So, in order to prevent this, let's introduce MAX_CFG_SIZE as 10MB, which will
limit the size of input supplied via /dev/stdin.

diff --git a/include/haproxy/defaults.h b/include/haproxy/defaults.h
index 35317b7af0f4a9d4e86d1c4b96c5539dd4f0ec6a..f19db2cebcdc9677af8c84429a6ba59a94ded793 100644 (file)
--- a/include/haproxy/defaults.h
+++ b/include/haproxy/defaults.h
@@ -106,6 +106,11 @@
 #define LINESIZE       2048
 #endif
 
+// maximum size of a configuration file that could be loaded in memory via
+// /dev/sdtin. This is needed to prevent from loading extremely large files
+// via standard input.
+#define MAX_CFG_SIZE   10485760
+
 // max # args on a configuration line
 #define MAX_LINE_ARGS   64
 

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 09b5b3a845e02fbe9f25895338583ca6640a1932..4296e47e8f73350bb15d87c23deb8619b7a3e57c 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1784,6 +1784,13 @@ ssize_t load_cfg_in_mem(char *filename, char **cfg_content)
        *cfg_content = NULL;
 
        while (1) {
+               if (!file_stat.st_size && ((read_bytes + bytes_to_read) > MAX_CFG_SIZE)) {
+                       ha_alert("Loading %s: input is too large %ldMB, limited to %dMB. Exiting.\n",
+                                filename, (long)(read_bytes + bytes_to_read)/(1024*1024),
+                                MAX_CFG_SIZE/(1024*1024));
+                       goto free_mem;
+               }
+
                if (read_bytes + bytes_to_read > chunk_size) {
                        chunk_size = (read_bytes + bytes_to_read) * 2;
                        new_area  = realloc(*cfg_content, chunk_size);