From 54b941dea5b595302c47ed2ebecf8ec30dc76050 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Jan 24 2020 14:08:14 +0000
Subject: Issue 49990 - Need to enforce a hard maximum limit for file descriptors


Description: on some platforms the maximum FD limit is high it can cause
             a OOM at server startup.  So we need to add a hard maximum
             limit.

relates: https://pagure.io/389-ds-base/issue/49990

Reviewed by: firstyear & tbordaz (Thanks!!)

---

diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 6c0b018..41c9bbd 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1579,7 +1579,9 @@ FrontendConfig_init(void)
 #endif
     /* Default the maximum fd's to the maximum allowed */
     if (getrlimit(RLIMIT_NOFILE, &rlp) == 0) {
-        maxdescriptors = (int64_t)rlp.rlim_max;
+        if ((int64_t)rlp.rlim_max < SLAPD_DEFAULT_MAXDESCRIPTORS) {
+            maxdescriptors = (int64_t)rlp.rlim_max;
+        }
     }
 
     /* Take the lock to make sure we barrier correctly. */
@@ -4355,7 +4357,7 @@ config_set_maxdescriptors(const char *attrname, char *value, char *errorbuf, int
 {
     int32_t retVal = LDAP_SUCCESS;
     int64_t nValue = 0;
-    int64_t maxVal = 524288;
+    int64_t maxVal = SLAPD_DEFAULT_MAXDESCRIPTORS;
     struct rlimit rlp;
     char *endp = NULL;
 
@@ -4366,7 +4368,9 @@ config_set_maxdescriptors(const char *attrname, char *value, char *errorbuf, int
     }
 
     if (0 == getrlimit(RLIMIT_NOFILE, &rlp)) {
-        maxVal = (int)rlp.rlim_max;
+        if ((int64_t)rlp.rlim_max < maxVal) {
+            maxVal = (int64_t)rlp.rlim_max;
+        }
     }
 
     errno = 0;
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 06bf118..1faa02e 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -350,8 +350,8 @@ typedef void (*VFPV)(); /* takes undefined arguments */
 
 #define SLAPD_DEFAULT_PAGEDSIZELIMIT 0
 #define SLAPD_DEFAULT_PAGEDSIZELIMIT_STR "0"
-#define SLAPD_DEFAULT_MAXDESCRIPTORS 8192
-#define SLAPD_DEFAULT_MAXDESCRIPTORS_STR "8192"
+#define SLAPD_DEFAULT_MAXDESCRIPTORS 1048576
+#define SLAPD_DEFAULT_MAXDESCRIPTORS_STR "1048576"
 #define SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL 40
 #define SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL_STR "40"
 #define SLAPD_DEFAULT_GROUPEVALNESTLEVEL 0