diff --git a/NEWS b/NEWS index 6fd50d09..001488f5 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,7 @@ NEWS * fixed typecast of NULL on execl() (#1235) * fixed circumventing url.access-deny by trailing slash (#1230) * fixed crash on duplicate headers with trailing WS (#1232) + * fixed accepting more connections then requested (#1216) - 1.4.15 - 2007-04-13 diff --git a/src/connections.c b/src/connections.c index 28e62798..2f715ef8 100644 --- a/src/connections.c +++ b/src/connections.c @@ -1252,6 +1252,16 @@ connection *connection_accept(server *srv, server_socket *srv_socket) { socklen_t cnt_len; /* accept it and register the fd */ + /** + * check if we can still open a new connections + * + * see #1216 + */ + + if (srv->conns->used >= srv->max_conns) { + return NULL; + } + cnt_len = sizeof(cnt_addr); if (-1 == (cnt = accept(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len))) { @@ -1265,6 +1275,9 @@ connection *connection_accept(server *srv, server_socket *srv_socket) { case ECONNABORTED: /* this is a FreeBSD thingy */ /* we were stopped _after_ we had a connection */ break; + case EMFILE: + /* out of fds */ + break; default: log_error_write(srv, __FILE__, __LINE__, "ssd", "accept failed:", strerror(errno), errno); } diff --git a/src/server.c b/src/server.c index 37b7cb48..7eaae3e7 100644 --- a/src/server.c +++ b/src/server.c @@ -775,6 +775,22 @@ int main (int argc, char **argv) { return -1; } + /** + * we are not root can can't increase the fd-limit, but we can reduce it + */ + if (srv->srvconf.max_fds && srv->srvconf.max_fds < rlim.rlim_cur) { + /* set rlimits */ + + rlim.rlim_cur = srv->srvconf.max_fds; + + if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) { + log_error_write(srv, __FILE__, __LINE__, + "ss", "couldn't set 'max filedescriptors'", + strerror(errno)); + return -1; + } + } + if (srv->event_handler == FDEVENT_HANDLER_SELECT) { srv->max_fds = rlim.rlim_cur < FD_SETSIZE - 200 ? rlim.rlim_cur : FD_SETSIZE - 200; } else {