PR13608: add --max-request-size ## option for server

Add an option in the stap server to set the max (uncompressed)
request size in bytesreceived from the client. If it's not set,
the default max request size is 50KB. Then the max compressed
request size is set to be 10% of the max uncompressed size, making
the default 5KB.

diff --git a/stap-server b/stap-server
index 8e864400629ad1a65d93d0d941760c5222e68839..642d51c3bdaadfe2af833f29f6b10ec0fe02ace4 100644 (file)
--- a/stap-server
+++ b/stap-server
@@ -50,6 +50,7 @@ OPT_PORT_IX=0
 OPT_LOG_IX=0
 OPT_SSL_IX=0
 OPT_MAXTHREADS_IX=0
+OPT_MAXREQSIZE_IX=0
 
 echo_usage () {
   echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|status} [options]"
@@ -271,6 +272,10 @@ parse_args () { # arguments
        OPT_MAXTHREADS+=("$2")
         shift 1
        ;;
+      --max-request-size)
+       OPT_MAXREQSIZE+=("$2")
+        shift 1
+       ;;
       --)
         ;;
       *)
@@ -325,6 +330,13 @@ add_distributed_options () {
     else
        SERVER_CMDS+=("MAXTHREADS=\"\"")
     fi
+    # The --max-request-size option
+    if test -n "${OPT_MAXREQSIZE[$OPT_MAXREQSIZE_IX]}"; then
+       SERVER_CMDS+=("MAXREQSIZE=\"`quote_for_cmd "${OPT_MAXREQSIZE[$OPT_MAXREQSIZE_IX]}"`\"")
+       OPT_MAXREQSIZE_IX=$(($OPT_MAXREQSIZE_IX + 1))
+    else
+       SERVER_CMDS+=("MAXREQSIZE=\"\"")
+    fi
 }
 
 # Process the -i flag.
@@ -453,6 +465,7 @@ add_server_commands () {
     test -n "$PORT" && SERVER_CMDS+=("PORT=\"`quote_for_cmd "$PORT"`\"")
     test -n "$SSL" && SERVER_CMDS+=("SSL=\"`quote_for_cmd "$SSL"`\"")
     test -n "$MAXTHREADS" && SERVER_CMDS+=("MAXTHREADS=\"`quote_for_cmd "$MAXTHREADS"`\"")
+    test -n "$MAXREQSIZE" && SERVER_CMDS+=("MAXREQSIZE=\"`quote_for_cmd "$MAXREQSIZE"`\"")
 }
 
 echo_server_options () {
@@ -475,6 +488,7 @@ echo_server_options () {
     test -n "$PORT" && echo -n " --port \"`quote_for_cmd "$PORT"`\""
     test -n "$SSL" && echo -n " --ssl \"`quote_for_cmd "$SSL"`\""
     test -n "$MAXTHREADS" && echo -n " --max-threads \"`quote_for_cmd "$MAXTHREADS"`\""
+    test -n "$MAXREQSIZE" && echo -n " --max-request-size \"`quote_for_cmd "$MAXREQSIZE"`\""
     echo
 }
 
@@ -510,6 +524,7 @@ init_server_opts () {
   PORT=
   SSL=
   MAXTHREADS=
+  MAXREQSIZE=
 }
 
 # Double quotes, backslashes within generated command
@@ -581,6 +596,7 @@ interpret_server_config () {
     local local_PORT=
     local local_SSL=
     local local_MAXTHREADS=
+    local local_MAXREQSIZE=
 
     local input
     while read -r -u3 input
@@ -646,6 +662,9 @@ interpret_server_config () {
            MAXTHREADS=*)
               local_MAXTHREADS="${input:11}"
              ;;
+           MAXREQSIZE=*)
+              local_MAXREQSIZE="${input:11}"
+             ;;
            \#*)
              ;; # Comment, do nothing
            "")
@@ -671,6 +690,7 @@ interpret_server_config () {
     PORT="$local_PORT"
     SSL="$local_SSL"
     MAXTHREADS="$local_MAXTHREADS"
+    MAXREQSIZE="$local_MAXREQSIZE"
 }
 
 # Interpret the contents of a server status file.
@@ -697,6 +717,7 @@ load_server_config () {
       local PORT=
       local SSL=
       local MAXTHREADS=
+      local MAXREQSIZE=
       interpret_server_config "$f" || continue
       # Other options default to empty. These ones don't.
       [ -z "$ARCH" ]     && ARCH=`get_arch`
@@ -732,6 +753,7 @@ get_server_pid_by_config () {
     local target_PORT="$PORT"
     local target_SSL="$SSL"
     local target_MAXTHREADS="$MAXTHREADS"
+    local target_MAXREQSIZE="$MAXREQSIZE"
 
     # Check the status file for each running server to see if it matches
     # the one currently configured. We're checking for a given configuration,
@@ -750,6 +772,7 @@ get_server_pid_by_config () {
        test "X$PORT"         = "X$target_PORT"         || continue
        test "X$SSL"          = "X$target_SSL"          || continue
        test "X$MAXTHREADS"   = "X$target_MAXTHREADS"   || continue
+       test "X$MAXREQSIZE"   = "X$target_MAXREQSIZE"   || continue
        echo `basename "$f" | sed 's/.stat//'` # Server has a pid
        return
     done
@@ -766,6 +789,7 @@ get_server_pid_by_config () {
     PORT="$target_PORT"
     SSL="$target_SSL"
     MAXTHREADS="$target_MAXTHREADS"
+    MAXREQSIZE="$target_MAXREQSIZE"
 }
 
 get_server_pid_by_nickname () {
@@ -840,6 +864,7 @@ start_server () {
     test -n "$PORT" && server_cmd="$server_cmd --port \"`quote_for_cmd "$PORT"`\""
     test -n "$SSL" && server_cmd="$server_cmd --ssl \"`quote_for_cmd "$SSL"`\""
     test -n "$MAXTHREADS" && server_cmd="$server_cmd --max-threads \"`quote_for_cmd "$MAXTHREADS"`\""
+    test -n "$MAXREQSIZE" && server_cmd="$server_cmd --max-request-size \"`quote_for_cmd "$MAXREQSIZE"`\""
 
     # Start the server here.
     local pid
@@ -879,6 +904,7 @@ start_server () {
     echo "PORT=$PORT" >> "$server_status_file"
     echo "SSL=$SSL" >> "$server_status_file"
     echo "MAXTHREADS=$MAXTHREADS" >> "$server_status_file"
+    echo "MAXREQSIZE=$MAXREQSIZE" >> "$server_status_file"
 
     do_success $"$prog start `echo_server_options`"
 }
@@ -1218,6 +1244,7 @@ OPTS=`getopt -s bash -u --options 'a:B:c:D:iI:n:p:kPr:R:u:' \
                         --longoptions 'port:' \
                         --longoptions 'ssl:' \
                         --longoptions 'max-threads:' \
+                        --longoptions 'max-request-size:' \
                         -- "$@"`
 if [ $? -ne 0 ]; then
   echo "Error: Argument parse error: $@" >&2

diff --git a/stap-serverd.cxx b/stap-serverd.cxx
index ba41aa0defa84c44ce428637ab655a6dd723db20..14223380814c365063a7e72006065ae00e74efd1 100644 (file)
--- a/stap-serverd.cxx
+++ b/stap-serverd.cxx
@@ -104,6 +104,7 @@ extern int optind;
 static bool use_db_password;
 static unsigned short port;
 static long max_threads;
+static size_t max_uncompressed_req_size;
 static string cert_db_path;
 static string stap_options;
 static string uname_r;
@@ -208,19 +209,22 @@ parse_options (int argc, char **argv)
     {
       char *num_endptr;
       long port_tmp;
+      long maxsize_tmp;
       // NB: The values of these enumerators must not conflict with the values of ordinary
       // characters, since those are returned by getopt_long for short options.
       enum {
        LONG_OPT_PORT = 256,
        LONG_OPT_SSL,
        LONG_OPT_LOG,
-       LONG_OPT_MAXTHREADS
+       LONG_OPT_MAXTHREADS,
+        LONG_OPT_MAXREQSIZE = 255 /* need ot set a value otherwise there are conflicts */
       };
       static struct option long_options[] = {
         { "port", 1, NULL, LONG_OPT_PORT },
         { "ssl", 1, NULL, LONG_OPT_SSL },
         { "log", 1, NULL, LONG_OPT_LOG },
         { "max-threads", 1, NULL, LONG_OPT_MAXTHREADS },
+        { "max-request-size", 1, NULL, LONG_OPT_MAXREQSIZE},
         { NULL, 0, NULL, 0 }
       };
       int grc = getopt_long (argc, argv, "a:B:D:I:kPr:R:", long_options, NULL);
@@ -280,6 +284,15 @@ parse_options (int argc, char **argv)
            fatal (_F("%s: invalid entry: max threads must not be negative '--max-threads=%s'",
                      argv[0], optarg));
          break;
+        case LONG_OPT_MAXREQSIZE:
+          maxsize_tmp =  strtoul(optarg, &num_endptr, 0); // store as a long for now
+         if (*num_endptr != '\0')
+           fatal (_F("%s: cannot parse number '--max-request-size=%s'", argv[0], optarg));
+          else if (maxsize_tmp < 1)
+           fatal (_F("%s: invalid entry: max request size must not be greater than 0 '--max-request-size=%s'",
+                     argv[0], optarg));
+          max_uncompressed_req_size = (size_t) maxsize_tmp; // convert the long to an unsigned
+          break;
        case '?':
          // Invalid/unrecognized option given. Message has already been issued.
          break;
@@ -961,6 +974,7 @@ initialize (int argc, char **argv) {
   use_db_password = false;
   port = 0;
   max_threads = sysconf( _SC_NPROCESSORS_ONLN ); // Default to number of processors
+  max_uncompressed_req_size = 50000; // 50 KB <- default max compressed request size
   keep_temp = false;
   struct utsname utsname;
   uname (& utsname);
@@ -2067,15 +2081,15 @@ check_request_size (const char * zip_file)
 {
   vector<string> args;
   ostringstream result;
-  size_t max_uncomp_size = 100000; /* 100 KB */
+  size_t max_comp_size = max_uncompressed_req_size * 0.1; // Est about 10% compression
 
   // Check the compressed file size.
   struct stat st;
   stat(zip_file, &st);
   size_t size = st.st_size;
   log (_F("Compressed request file size is: %zu", size));
-  if (size > 5000 /* ~5 KB */) {
-    server_error (_F("Compressed request size is %zu bytes, exceeding the 5000 bytes limit.", size));
+  if (size > max_comp_size) {
+    server_error (_F("Compressed request size is %zu bytes, exceeding the %zu bytes limit.", size, max_comp_size));
     return -1;
   }
 
@@ -2103,10 +2117,10 @@ check_request_size (const char * zip_file)
     }
 
   long uncomp_size = atol(toks[2].c_str());
-  if (uncomp_size < 1 || (unsigned)uncomp_size > max_uncomp_size)
+  if (uncomp_size < 1 || (unsigned)uncomp_size > max_uncompressed_req_size)
     {
       server_error(_F("Uncompressed request size of %ld bytes is not within the expected range of 1 to %zu bytes.",
-                      uncomp_size,max_uncomp_size));
+                      uncomp_size,max_uncompressed_req_size));
       return -1;
     }