| Bug #54051 | BENCHMARK allows pointlessly high count values | ||
|---|---|---|---|
| Submitted: | 28 May 2010 2:02 | Modified: | 28 May 2010 3:18 |
| Reporter: | Andrew Dalgleish | Email Updates: | |
| Status: | Verified | Impact on me: | |
| Category: | MySQL Server: General | Severity: | S3 (Non-critical) |
| Version: | 5.0, 5.1 | OS: | Any |
| Assigned to: | | CPU Architecture: | Any |
[28 May 2010 3:18]
Valeriy Kravchuk
Thank you for the feature request.

Description:

BENCHMARK and SLEEP allow pointlessly high count values. A malicious user could use this to add load to the server or tie up connections.

How to repeat:

SELECT BENCHMARK( 100000000000000000000000000000000000000000000000000000000000000000000000000000, SHA1("ABC"));

SELECT SLEEP(10000000000);

Suggested fix:

Add a configurable limit to benchmark and sleep parameters. (These are not commonly used in a production setting.)

Add a per-user query timeout limit.
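The configurable limit requested above can be approximated outside the server by auditing statements before they are sent or when they appear in a query log. The sketch below is an added example, not code from the bug report or from MySQL; the limit values, the `audit` function and the third and fourth sample statements are assumptions made for illustration.

```python
import re
from decimal import Decimal, InvalidOperation

# Assumed limits: the report asks for them to be configurable but names no values.
LIMITS = {"BENCHMARK": Decimal(1_000_000), "SLEEP": Decimal(60)}

# Quoted strings are blanked first so text inside a literal is not mistaken for a call.
STRING_RE = re.compile(r"'(?:[^'\\]|\\.|'')*'|\"(?:[^\"\\]|\\.|\"\")*\"", re.DOTALL)
# Function name plus the raw text of its first argument (up to a comma or parenthesis).
CALL_RE = re.compile(r"\b(BENCHMARK|SLEEP)\s*\(\s*([^,()]*)", re.IGNORECASE)
NUMBER_RE = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")

def over_limit(arg, limit):
    """True when the numeric literal is above the limit (or too large to represent)."""
    try:
        return Decimal(arg) > limit
    except InvalidOperation:
        return True

def audit(sql, limits=LIMITS):
    """Return (function, argument, reason) findings for one statement.

    This is a literal scan, not a SQL parser: an argument that is not a plain
    number (variable, expression, subquery) is reported for manual review.
    """
    findings = []
    for name, arg in CALL_RE.findall(STRING_RE.sub("''", sql)):
        name, arg = name.upper(), arg.strip()
        if not NUMBER_RE.fullmatch(arg):
            findings.append((name, arg, "non-literal argument"))
        elif over_limit(arg, limits[name]):
            findings.append((name, arg, "exceeds limit"))
    return findings

# First two statements are from the report; the last two are constructed samples.
SAMPLES = [
    'SELECT BENCHMARK( 100000000000000000000000000000000000000000000000000000000000000000000000000000, SHA1("ABC"));',
    "SELECT SLEEP(10000000000);",
    'SELECT BENCHMARK(1000, SHA1("ABC"));',
    "SELECT 'sleep(999999)' AS note;",
]

if __name__ == "__main__":
    for stmt in SAMPLES:
        print(audit(stmt) or "ok", "<-", stmt[:60])
```

A check like this complements, and does not replace, the server-side limit and per-user timeout the report asks for, since it only sees statements that pass through it.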