response size check on keyListResponseWithCorrectSize breaks with 32bit keys and keyring size >20
danieleva opened this issue · 0 comments
The function keyListResponseWithCorrectSize has an issue in the logic used to decide when to truncate the response. It does a decreasing loop starting from q.serf.config.QueryResponseSizeLimit / minEncodedKeyLength, and truncates the list until the message can fit into q.serf.config.QueryResponseSizeLimit. If the value of q.serf.config.QueryResponseSizeLimit / minEncodedKeyLength is higher than len(resp.Keys), the truncate operation causes a panic.
We discovered the bug in Consul: with the default configuration, q.serf.config.QueryResponseSizeLimit / minEncodedKeyLength is 40, and it takes 38 16bit keys or 22 32bit keys to trigger the bug and crash a Consul server sending a list keyring RPC. The test doesn't catch the bug as it uses a list with 50 items.
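A simplified Go model of the truncation loop described in this issue, added here as an illustration and not taken from the Serf or Consul code base. The names truncate, encodedSize and makeKeys, the two constants and the 3-byte per-key framing cost are assumptions. It runs the loop with 22 constructed 44-character keys and shows the effect of bounding the start index by len(keys).

```go
package main

import "fmt"

// Assumed stand-ins for QueryResponseSizeLimit and minEncodedKeyLength,
// chosen so that their quotient is 40, the value quoted in the issue.
const sizeLimit, minEncodedKeyLength = 1024, 25

// encodedSize is a hypothetical substitute for encoding: key length + 3 bytes.
func encodedSize(keys []string) (n int) {
	for _, k := range keys {
		n += len(k) + 3
	}
	return n
}

// truncate shrinks keys until they fit sizeLimit. clamp=false starts the loop
// at sizeLimit/minEncodedKeyLength; clamp=true bounds the start by len(keys).
func truncate(keys []string, clamp bool) (out []string, err error) {
	defer func() { // report the slice-bounds panic as an error
		if r := recover(); r != nil {
			out, err = nil, fmt.Errorf("panic: %v", r)
		}
	}()
	start := sizeLimit / minEncodedKeyLength
	if clamp && start > len(keys) {
		start = len(keys)
	}
	for i := start; i >= 0; i-- {
		if encodedSize(keys) <= sizeLimit {
			return keys, nil
		}
		keys = keys[:i] // panics when i > cap(keys)
	}
	return nil, fmt.Errorf("response does not fit in %d bytes", sizeLimit)
}

// makeKeys builds n constructed keys of keyLen characters (cap == len).
func makeKeys(n, keyLen int) []string {
	keys := make([]string, n)
	for i := range keys {
		keys[i] = fmt.Sprintf("%0*d", keyLen, i)
	}
	return keys
}

func main() {
	fmt.Println(truncate(makeKeys(22, 44), false)) // 22 keys, unclamped start
}
```

Go checks the upper slice bound against capacity rather than length, so the model builds the key list with cap == len. In this model a 50-key list never hits the out-of-range slice because the first truncation index (40) is below its length.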