thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-09-19 16:20:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #67326 from ClickHouse/fix-dos-rand

Browse Source 
Prevent DoS in random distributions
This commit is contained in:
Alexey Milovidov 2024-07-29 16:29:32 +00:00 committed by GitHub
commit a023f2c970
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/Functions/randDistribution.cpp
View File

@ -93,6 +93,9 @@ struct ChiSquaredDistribution
static void generate(Float64 degree_of_freedom, ColumnFloat64::Container & container)
{
if (degree_of_freedom <= 0)
throw Exception(ErrorCodes::BAD_ARGUMENTS, "Argument (degrees of freedom) of function {} should be greater than zero", getName());
auto distribution = std::chi_squared_distribution<>(degree_of_freedom);
for (auto & elem : container)
elem = distribution(thread_local_rng);
@ -107,6 +110,9 @@ struct StudentTDistribution
static void generate(Float64 degree_of_freedom, ColumnFloat64::Container & container)
{
if (degree_of_freedom <= 0)
throw Exception(ErrorCodes::BAD_ARGUMENTS, "Argument (degrees of freedom) of function {} should be greater than zero", getName());
auto distribution = std::student_t_distribution<>(degree_of_freedom);
for (auto & elem : container)
elem = distribution(thread_local_rng);
@ -121,6 +127,9 @@ struct FisherFDistribution
static void generate(Float64 d1, Float64 d2, ColumnFloat64::Container & container)
{
if (d1 <= 0 || d2 <= 0)
throw Exception(ErrorCodes::BAD_ARGUMENTS, "Argument (degrees of freedom) of function {} should be greater than zero", getName());
auto distribution = std::fisher_f_distribution<>(d1, d2);
for (auto & elem : container)
elem = distribution(thread_local_rng);
@ -300,7 +309,7 @@ public:
}
else
{
throw Exception(ErrorCodes::BAD_ARGUMENTS, "More than two argument specified for function {}", getName());
throw Exception(ErrorCodes::BAD_ARGUMENTS, "More than two arguments specified for function {}", getName());
}
return res_column;

0
tests/queries/0_stateless/03213_rand_dos.reference Normal file
View File

5
tests/queries/0_stateless/03213_rand_dos.sql Normal file
View File

@ -0,0 +1,5 @@
SELECT randChiSquared(-0.0000001); -- { serverError BAD_ARGUMENTS }
SELECT randChiSquared(-0.0); -- { serverError BAD_ARGUMENTS }
SELECT randStudentT(-0.); -- { serverError BAD_ARGUMENTS }
SELECT randFisherF(-0., 1); -- { serverError BAD_ARGUMENTS }
SELECT randFisherF(1, -0.); -- { serverError BAD_ARGUMENTS }