From 45d2cd6cbb2ef556d53a64d10bbceb06a2150b85 Mon Sep 17 00:00:00 2001 From: Marcelo Magallon Date: Tue, 19 Oct 2021 16:37:07 -0600 Subject: [PATCH] Fix body_size_limit negative handling (#838) When body_size_limit is 0 (either explicitly or implicitly because it wasn't specified) or less, we are setting it to math.MaxInt64. It turns out that the implementation in http.MaxBytesReader tries to add 1 to the specified value, and it wraps around. After that, it tries to use the result to index an slice, causing it to panic. Work around this by setting the limit to math.MaxInt64 - 1. Also, if body_size_limit is exactly 0, leave it like that. That causes the code to avoid setting up the limiter, saving some extra processing. Signed-off-by: Marcelo E. Magallon --- config/config.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/config/config.go b/config/config.go index 03ac771..24bf271 100644 --- a/config/config.go +++ b/config/config.go @@ -290,8 +290,14 @@ func (s *HTTPProbe) UnmarshalYAML(unmarshal func(interface{}) error) error { return err } - if s.BodySizeLimit <= 0 { - s.BodySizeLimit = math.MaxInt64 + // BodySizeLimit == 0 means no limit. By leaving it at 0 we + // avoid setting up the limiter. + if s.BodySizeLimit < 0 || s.BodySizeLimit == math.MaxInt64 { + // The implementation behind http.MaxBytesReader tries + // to add 1 to the specified limit causing it to wrap + // around and become negative, and then it tries to use + // that result to index an slice. + s.BodySizeLimit = math.MaxInt64 - 1 } if err := s.HTTPClientConfig.Validate(); err != nil { -- 2.25.1