dataroaring commented on PR #53540:
URL: https://github.com/apache/doris/pull/53540#issuecomment-3284900057
**⚠️ MAJOR: Missing Input Validation for Critical Parameters**
**File**: `fe/fe-core/src/main/java/org/apache/doris/qe/SessionVariable.java`
```java
@VariableMgr.VarAttr(name = QUERY_FRESHNESS_TOLERANCE_MS, needForward =
false)
public long queryFreshnessToleranceMs = -1; // ❌ NO BOUNDS CHECKING
```
**Issue**: The `queryFreshnessToleranceMs` parameter accepts any `long`
value without validation, which can cause:
**Security & Stability Risks**:
- **Integer overflow**: Very large values could overflow in calculations
- **Resource exhaustion**: Extremely large tolerance could cause memory
issues
- **Logic errors**: Negative values (other than -1) could cause unexpected
behavior
- **Performance degradation**: Unreasonably large timeouts could impact
query performance
**Potential Attack Vector**: A malicious user could set extremely large
values to DoS the system or cause integer overflow vulnerabilities.
**Current Risk Examples**:
```sql
-- These should be rejected but aren't:
SET query_freshness_tolerance_ms = 9223372036854775807; -- MAX_LONG,
potential overflow
SET query_freshness_tolerance_ms = -1000; -- Negative, logic
error
SET query_freshness_tolerance_ms = 86400000000; -- 1000 days,
unreasonable
```
**Fix**: Add proper validation with reasonable bounds:
```java
private static final long MAX_FRESHNESS_TOLERANCE_MS = 24 * 60 * 60 * 1000L;
// 24 hours
private static final long MIN_FRESHNESS_TOLERANCE_MS = -1; // -1 means
disabled
@VariableMgr.VarAttr(name = QUERY_FRESHNESS_TOLERANCE_MS, needForward =
false,
checker = "checkQueryFreshnessToleranceMs")
public long queryFreshnessToleranceMs = -1;
public static void checkQueryFreshnessToleranceMs(long value) throws
DdlException {
if (value < MIN_FRESHNESS_TOLERANCE_MS) {
throw new DdlException("query_freshness_tolerance_ms cannot be less
than -1");
}
if (value > MAX_FRESHNESS_TOLERANCE_MS) {
throw new DdlException("query_freshness_tolerance_ms cannot exceed "
+
MAX_FRESHNESS_TOLERANCE_MS + " ms (24 hours)");
}
}
```
**Additional Validation Needed**:
- Check for potential overflow in arithmetic operations using this value
- Add range validation in the backend C++ code as well
- Consider adding warnings for very large values
**Priority**: This should be fixed before merge to prevent potential
security and stability issues.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
