From: Willy Tarreau
Date: Thu, 26 Aug 2021 13:59:44 +0000 (+0200)
Subject: BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
X-Git-Tag: v2.5-dev7~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32b51cdf303cb30425000f1db6ecdae5de84ff8d;p=thirdparty%2Fhaproxy.git

BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB

As seen in commit 5ef965606 ("BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords"), configs with large values of tune.bufsize were not practically usable since Lua was introduced, regardless of the machine's available memory.

In addition, HTX encoding already limits block sizes to 256 MB, thus it is not technically possible to use that large a buffer size when HTTP is in use. This is absurdly high anyway, and for example Lua initialization would take around one minute on a 4 GHz CPU. Better prevent such a config from starting than having to deal with bug reports that make no sense.

The check is only enforced if at least one HTX proxy was found, as there is no technical reason to block it for configs that are solely based on raw TCP, and it could still be imagined that some such might exist with single connections (e.g. a log forwarder that buffers to cover for the storage I/O latencies).

This should be backported to all HTX-enabled versions (2.0 and above).

---
diff --git a/src/cfgparse.c b/src/cfgparse.c index 9f6f3fe163..250e4ed58f 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c 
@@ -2477,6 +2477,12 @@ int check_config_validity() eb32_insert(&used_proxy_id, &curproxy->conf.id); } + if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize >= (256 << 20) && ONLY_ONCE()) { + ha_alert("global.tune.bufsize must be below 256 MB when HTTP is in use (current value = %d).\n", + global.tune.bufsize); + cfgerr++; + } + /* next IDs are shifted even if the proxy is disabled, this * guarantees that a proxy that is temporarily disabled in the * configuration doesn't cause a renumbering. Internal proxies
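
Review bot: The ha_alert() string in the added block names the setting "global.tune.bufsize", which is the C field, while the commit message refers to the keyword as tune.bufsize; an operator searching the configuration for the reported name will not find it. The same message gives the limit in MB but prints the current value in bytes with %d, so consider something like "tune.bufsize must be below 256 MB (268435456 bytes) when HTTP is in use (current value = %d bytes)". The literal (256 << 20) in the condition restates the HTX block size limit the commit message mentions; a named constant shared with the HTX code would keep the two from drifting apart. Finally, assuming ONLY_ONCE() is true only on its first evaluation, its position at the end of the && chain is what prevents a non-HTTP proxy from consuming it before the first HTTP proxy is seen; a one-line comment saying so would protect the check against a later reordering of the condition.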