From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 13 Feb 2026 14:38:08 +0000 (+0100)
Subject: MINOR: config: reject configs using HTTP with large bufsize >= 256 MB
X-Git-Tag: v3.4-dev5~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cfa30dea4e02e8db7c00d33cc3126ce999334743;p=thirdparty%2Fhaproxy.git

MINOR: config: reject configs using HTTP with large bufsize >= 256 MB

the bufsize was already limited to 256 MB because of Lua and HTX
limitations. So the same limit is set on large buffers.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index d2f4f0e98..7ce43858e 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -2418,6 +2418,11 @@ init_proxies_list_stage1:
 				 global.tune.bufsize);
 			cfgerr++;
 		}
+		if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize_large >= (256 << 20) && ONLY_ONCE()) {
+			ha_alert("global.tune.bufsize_large must be below 256 MB when HTTP is in use (current value = %d).\n",
+				 global.tune.bufsize_large);
+			cfgerr++;
+		}
 
 		if (curproxy->flags & PR_FL_DISABLED) {
 			/* ensure we don't keep listeners uselessly bound. We