From: Willy Tarreau Date: Sun, 24 Jul 2011 17:16:52 +0000 (+0200) Subject: [BUG] stream_sock: ensure orphan listeners don't accept too many connections X-Git-Tag: v1.5-dev8~179 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff45b8ccc61ff64c24c3286431b60f05534e120d;p=thirdparty%2Fhaproxy.git [BUG] stream_sock: ensure orphan listeners don't accept too many connections For listeners that are not bound to a frontend, the limit on the number of accepted connections is tested at the end of the accept() loop, but we don't break out of the loop, meaning that if more connections than what the listener allows are available and if this is less than the proxy's limits and within the size of a batch, then they could be accepted. In practice, this problem currently cannot appear since all listeners are bound to a frontend, and it's a very minor issue anyway. 1.4 has the same issue (which cannot happen there either), but there is some code after it, so it's the code cleanup which revealed it. --- diff --git a/src/stream_sock.c b/src/stream_sock.c index dc04d35b41..c5cd1e5a88 100644 --- a/src/stream_sock.c +++ b/src/stream_sock.c @@ -1293,6 +1293,7 @@ int stream_sock_accept(int fd) if (l->nbconn >= l->maxconn) { EV_FD_CLR(l->fd, DIR_RD); l->state = LI_FULL; + return 0; } } /* end of while (p->feconn < p->maxconn) */ return 0;
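Review bot: The added `return 0;` inside the `if (l->nbconn >= l->maxconn)` branch carries no comment explaining why the function leaves the accept loop at this point. Going by the loop's closing comment, its condition is `p->feconn < p->maxconn`, which tests only the proxy limit, so this return is the only thing in the visible code that stops a full listener from accepting further connections in the same batch. A one-line comment above it would make that explicit, for example `/* listener is full: stop accepting in this batch */`. In the visible code the loop is followed directly by `return 0;`, so a `break` would behave identically. If the explicit return is preferred so that the check stays correct when code is later added after the loop, the comment should say so.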