From 5f31e83aa7d399045171dafd10f6934cd1eb5d5c Mon Sep 17 00:00:00 2001
From: Eduard Bagdasaryan
Date: Mon, 9 Sep 2024 16:41:50 +0000
Subject: [PATCH] Limit Server::inBuf growth (#1898)

After a ReadNow() call, the buffer length must not exceed accumulation limits (e.g., client_request_buffer_max_size). SBuf::reserve() alone cannot reliably enforce those limits because it does not decrease SBuf space; various SBuf manipulations may lead to excessive SBuf space. When filled by ReadNow(), that space exceeds the limit. This change uses documented CommIoCbParams::size trick to limit how much Comm::ReadNow() may read, obeying SQUID_TCP_SO_RCVBUF (server-to-Squid) and client_request_buffer_max_size (client-to-Squid) accumulation limit.
---
 src/adaptation/icap/Xaction.cc | 1 +
 src/servers/Server.cc | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/src/adaptation/icap/Xaction.cc b/src/adaptation/icap/Xaction.cc
index c25d36c2a2e..d4ea81b6544 100644
--- a/src/adaptation/icap/Xaction.cc
+++ b/src/adaptation/icap/Xaction.cc
@@ -442,6 +442,7 @@ void Adaptation::Icap::Xaction::noteCommRead(const CommIoCbParams &io)
 CommIoCbParams rd(this); // will be expanded with ReadNow results
 rd.conn = io.conn;
+ rd.size = SQUID_TCP_SO_RCVBUF - readBuf.length();
 switch (Comm::ReadNow(rd, readBuf)) {
 case Comm::INPROGRESS:
diff --git a/src/servers/Server.cc b/src/servers/Server.cc
index 10c1ed0a19f..a9aeb9415c9 100644
--- a/src/servers/Server.cc
+++ b/src/servers/Server.cc
@@ -146,6 +146,9 @@ Server::doClientRead(const CommIoCbParams &io)
 CommIoCbParams rd(this); // will be expanded with ReadNow results
 rd.conn = io.conn;
+ Assure(Config.maxRequestBufferSize > inBuf.length());
+ rd.size = Config.maxRequestBufferSize - inBuf.length();
+
 switch (Comm::ReadNow(rd, inBuf)) {
 case Comm::INPROGRESS:
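Review bot: The new `rd.size = SQUID_TCP_SO_RCVBUF - readBuf.length();` in noteCommRead has no visible guard for a readBuf that already holds SQUID_TCP_SO_RCVBUF bytes or more, unlike the Server.cc hunk of this commit, which adds an `Assure()` before the same kind of subtraction. If length() returns an unsigned type (not shown here), the difference would wrap to a very large value and the read limit this change introduces would stop limiting anything. The function body starts above the hunk, so an earlier check may already establish the invariant; if it does, a comment such as `// readBuf.length() < SQUID_TCP_SO_RCVBUF is checked above` would document it, and if it does not, add `Assure(readBuf.length() < SQUID_TCP_SO_RCVBUF);` before the assignment.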
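Review bot: `Assure(Config.maxRequestBufferSize > inBuf.length());` in doClientRead sits on a path whose buffer is filled with client-supplied bytes, and nothing in the hunk shows where that invariant is established or what a failed Assure() does to the connection. The comparison is strict, so a buffer that has reached exactly the limit fails the assertion rather than producing a zero-sized read. doClientRead starts above the hunk and the code that schedules reads is not visible, so I would add a comment naming the guarantee, for example `// reads are not scheduled once inBuf reaches Config.maxRequestBufferSize`, after confirming it holds on every path that reaches this callback.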