From: Marcelo Magallon <marcelo.magallon@grafana.com>
Date: Tue, 19 Oct 2021 22:37:07 +0000 (-0600)
Subject: Fix body_size_limit negative handling (#838)
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=45d2cd6cbb2ef556d53a64d10bbceb06a2150b85;p=blackbox_exporter.git

Fix body_size_limit negative handling (#838)

When body_size_limit is 0 (either explicitly or implicitly because it
wasn't specified) or less, we are setting it to math.MaxInt64. It turns
out that the implementation in http.MaxBytesReader tries to add 1 to the
specified value, and it wraps around. After that, it tries to use the
result to index an slice, causing it to panic.

Work around this by setting the limit to math.MaxInt64 - 1.

Also, if body_size_limit is exactly 0, leave it like that. That causes
the code to avoid setting up the limiter, saving some extra processing.

Signed-off-by: Marcelo E. Magallon <marcelo.magallon@grafana.com>
---

diff --git a/config/config.go b/config/config.go
index 03ac771..24bf271 100644
--- a/config/config.go
+++ b/config/config.go
@@ -290,8 +290,14 @@ func (s *HTTPProbe) UnmarshalYAML(unmarshal func(interface{}) error) error {
 		return err
 	}
 
-	if s.BodySizeLimit <= 0 {
-		s.BodySizeLimit = math.MaxInt64
+	// BodySizeLimit == 0 means no limit. By leaving it at 0 we
+	// avoid setting up the limiter.
+	if s.BodySizeLimit < 0 || s.BodySizeLimit == math.MaxInt64 {
+		// The implementation behind http.MaxBytesReader tries
+		// to add 1 to the specified limit causing it to wrap
+		// around and become negative, and then it tries to use
+		// that result to index an slice.
+		s.BodySizeLimit = math.MaxInt64 - 1
 	}
 
 	if err := s.HTTPClientConfig.Validate(); err != nil {