Fix body_size_limit negative handling (#838)

When body_size_limit is 0 (either explicitly or implicitly because it
wasn't specified) or less, we are setting it to math.MaxInt64. It turns
out that the implementation in http.MaxBytesReader tries to add 1 to the
specified value, and it wraps around. After that, it tries to use the
result to index an slice, causing it to panic.

Work around this by setting the limit to math.MaxInt64 - 1.

Also, if body_size_limit is exactly 0, leave it like that. That causes
the code to avoid setting up the limiter, saving some extra processing.

Signed-off-by: Marcelo E. Magallon <marcelo.magallon@grafana.com>

diff --git a/config/config.go b/config/config.go
index 03ac771fc8ef9932508ba65d7f6d635e31d91850..24bf27196bb8bc689eaf6f8f4370b83b902c79db 100644 (file)
--- a/config/config.go
+++ b/config/config.go
@@ -290,8 +290,14 @@ func (s *HTTPProbe) UnmarshalYAML(unmarshal func(interface{}) error) error {
                return err
        }
 
-       if s.BodySizeLimit <= 0 {
-               s.BodySizeLimit = math.MaxInt64
+       // BodySizeLimit == 0 means no limit. By leaving it at 0 we
+       // avoid setting up the limiter.
+       if s.BodySizeLimit < 0 || s.BodySizeLimit == math.MaxInt64 {
+               // The implementation behind http.MaxBytesReader tries
+               // to add 1 to the specified limit causing it to wrap
+               // around and become negative, and then it tries to use
+               // that result to index an slice.
+               s.BodySizeLimit = math.MaxInt64 - 1
        }
 
        if err := s.HTTPClientConfig.Validate(); err != nil {