]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a324616)
MINOR: config: reject configs using HTTP with large bufsize >= 256 MB
authorChristopher Faulet <cfaulet@haproxy.com>
Fri, 13 Feb 2026 14:38:08 +0000 (15:38 +0100)
committerChristopher Faulet <cfaulet@haproxy.com>
Wed, 18 Feb 2026 12:26:21 +0000 (13:26 +0100)
the bufsize was already limited to 256 MB because of Lua and HTX
limitations. So the same limit is set on large buffers.

src/cfgparse.c patch | blob | blame | history

diff --git a/src/cfgparse.c b/src/cfgparse.c
index d2f4f0e98ce5d938c4148819bfed9d9e05f42c50..7ce43858ebf52782f8a166f66d26d51102f0deb8 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -2418,6 +2418,11 @@ init_proxies_list_stage1:
                                 global.tune.bufsize);
                        cfgerr++;
                }
+               if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize_large >= (256 << 20) && ONLY_ONCE()) {
+                       ha_alert("global.tune.bufsize_large must be below 256 MB when HTTP is in use (current value = %d).\n",
+                                global.tune.bufsize_large);
+                       cfgerr++;
+               }
 
                if (curproxy->flags & PR_FL_DISABLED) {
                        /* ensure we don't keep listeners uselessly bound. We
Mirror of https://github.com/haproxy/haproxy.git