From e9885ecb9437be8ca83ba2767b7d5e64aadfe8f7 Mon Sep 17 00:00:00 2001
From: Anders Daljord Morken <anders.morken@cxense.com>
Date: Tue, 16 Aug 2016 15:10:02 +0200
Subject: [PATCH] Bugfix: Avoid divide-by-zero panic on query_range?step=0

---
 web/api/v1/api.go      |  5 +++++
 web/api/v1/api_test.go | 11 +++++++++++
 2 files changed, 16 insertions(+)

diff --git a/web/api/v1/api.go b/web/api/v1/api.go
index 72b19893b..97085cda6 100644
--- a/web/api/v1/api.go
+++ b/web/api/v1/api.go
@@ -187,6 +187,11 @@ func (api *API) queryRange(r *http.Request) (interface{}, *apiError) {
 		return nil, &apiError{errorBadData, err}
 	}
 
+	if step <= 0 {
+		err := errors.New("zero or negative query resolution step widths are not accepted. Try a positive integer")
+		return nil, &apiError{errorBadData, err}
+	}
+
 	// For safety, limit the number of returned points per timeseries.
 	// This is sufficient for 60s resolution for a week or 1h resolution for a year.
 	if end.Sub(start)/step > 11000 {
diff --git a/web/api/v1/api_test.go b/web/api/v1/api_test.go
index 89388ab47..38ee39cfb 100644
--- a/web/api/v1/api_test.go
+++ b/web/api/v1/api_test.go
@@ -187,6 +187,17 @@ func TestEndpoints(t *testing.T) {
 			},
 			errType: errorBadData,
 		},
+		// Invalid step
+		{
+			endpoint: api.queryRange,
+			query: url.Values{
+				"query": []string{"time()"},
+				"start": []string{"1"},
+				"end":   []string{"2"},
+				"step":  []string{"0"},
+			},
+			errType: errorBadData,
+		},
 		{
 			endpoint: api.labelValues,
 			params: map[string]string{