Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

setting negative session query timeout should not be possible/allowed #6070

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Closed

setting negative session query timeout should not be possible/allowed #6070

monetdb-team opened this issue Nov 30, 2020 · 0 comments
Labels

Comments

@monetdb-team
Copy link

@monetdb-team monetdb-team commented Nov 30, 2020

Date: 2016-10-06 17:48:39 +0200
From: Martin van Dinther <<martin.van.dinther>>
To: SQL devs <>
Version: 11.23.7 (Jun2016-SP1)
CC: @mlkersten

Last updated: 2016-12-21 13:07:12 +0100

Comment 24467

Date: 2016-10-06 17:48:39 +0200
From: Martin van Dinther <<martin.van.dinther>>

User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
Build Identifier:

call "sys"."settimeout"(-9) is allowed currently but it should not be allowed.

Also it immediately results in a situation where every send SQL results in a
Error: Query aborted due to timeout
This makes the session useless for the application/user. This should not be possible.

Reproducible: Always

Steps to Reproduce:

  1. Start mserver5
  2. Start mclient
  3. Execute SQL queries:
    SELECT "querytimeout" FROM "sys"."sessions"() WHERE "active";

CALL "sys"."settimeout"(9);
SELECT "querytimeout" FROM "sys"."sessions"() WHERE "active";

CALL "sys"."settimeout"(0);
SELECT "querytimeout" FROM "sys"."sessions"() WHERE "active";

CALL "sys"."settimeout"(-9);
SELECT "querytimeout" FROM "sys"."sessions"() WHERE "active";

Actual Results:

Welcome to mclient, the MonetDB/SQL interactive terminal (unreleased)
Database: MonetDB v11.24.0 (unreleased), 'demo'
Type \q to quit, ? for a list of available commands
auto commit mode: on
sql>SELECT "querytimeout" FROM "sys"."sessions"() WHERE "active";
+--------------+
| querytimeout |
+==============+
| 0 |
+--------------+
1 tuple (1.189ms)
sql>
sql>CALL "sys"."settimeout"(9);
sql>SELECT "querytimeout" FROM "sys"."sessions"() WHERE "active";
+--------------+
| querytimeout |
+==============+
| 9 |
+--------------+
1 tuple (0.966ms)
sql>
sql>CALL "sys"."settimeout"(0);
sql>SELECT "querytimeout" FROM "sys"."sessions"() WHERE "active";
+--------------+
| querytimeout |
+==============+
| 0 |
+--------------+
1 tuple (0.802ms)
sql>
sql>CALL "sys"."settimeout"(-9);
Query aborted due to timeout
sql>SELECT "querytimeout" FROM "sys"."sessions"() WHERE "active";
Query aborted due to timeout
sql>

Expected Results:

error msg "Illegal timeout value: -9" after: CALL "sys"."settimeout"(-9);
No setting or change of the querytimeout parameter of the current session, such that successive SQL statements are executed normally.

Potentially also
CALL "sys"."settimeout"(9, -10);
and
CALL "sys"."setsession"(-9);
should be protected against calling negative session timeouts.

Comment 24468

Date: 2016-10-06 18:05:10 +0200
From: @mlkersten

I patched the default branch to protect against it.

Comment 24469

Date: 2016-10-06 18:07:01 +0200
From: MonetDB Mercurial Repository <>

Changeset ba5ba134b9e2 made by Martin van Dinther martin.van.dinther@monetdbsolutions.com in the MonetDB repo, refers to this bug.

For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=ba5ba134b9e2

Changeset description:

Add test for bug #6070

Comment 24470

Date: 2016-10-06 18:08:29 +0200
From: Martin van Dinther <<martin.van.dinther>>

The procedures:

-- control the query and session time out
create procedure sys.settimeout("query" bigint)
external name sql.settimeout;
create procedure sys.settimeout("query" bigint, "session" bigint)
external name sql.settimeout;
create procedure sys.setsession("timeout" bigint)
external name sql.setsession;

are created in file: 22_clients.sql

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant