PXB-2145 encrypt-key appears in process-list

rahulmalik87 · rahulmalik87 · commit fbb2970439fb · 2020-04-07T16:05:28.000+05:30
Problem:
Encrypt-key appears in process-list

Fix:
mask encrypt-key from processlist
diff --git a/storage/innobase/xtrabackup/src/xtrabackup.cc b/storage/innobase/xtrabackup/src/xtrabackup.cc
@@ -820,8 +820,7 @@ struct my_option xb_client_options[] =
    &xtrabackup_encrypt_algo, &xtrabackup_encrypt_algo,
    &xtrabackup_encrypt_algo_typelib, GET_ENUM, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 
-  {"encrypt-key", OPT_XTRA_ENCRYPT_KEY, "Encryption key to use.",
-   (G_PTR*) &xtrabackup_encrypt_key, (G_PTR*) &xtrabackup_encrypt_key, 0,
+  {"encrypt-key", OPT_XTRA_ENCRYPT_KEY, "Encryption key to use.",0, 0, 0,
    GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 
   {"encrypt-key-file", OPT_XTRA_ENCRYPT_KEY_FILE, "File which contains encryption key to use.",
@@ -1532,6 +1531,17 @@ check_if_param_set(const char *param)
 	return param_set.find(param) != param_set.end();
 }
 
+/************************************************************************
+Mask the argument value. This is to avoid showing secret data on command
+line output */
+static void hide_option(char *argument, char **opt) {
+	char *start = argument;
+	my_free(*opt);
+	*opt = my_strdup(PSI_NOT_INSTRUMENTED, argument, MYF(MY_FAE));
+	while (*argument) *argument++ = 'x'; /*Destroy argument */
+	if (*start) start[1] = 0;   /*Cut length of argument */
+}
+
 my_bool
 xb_get_one_option(int optid,
 		  const struct my_option *opt,
@@ -1715,12 +1725,7 @@ xb_get_one_option(int optid,
       argument= (char*) "";                       /* Don't require password */
     if (argument)
     {
-      char *start = argument;
-      my_free(opt_password);
-      opt_password = my_strdup(PSI_NOT_INSTRUMENTED, argument,MYF(MY_FAE));
-      while (*argument) *argument++= 'x';         /* Destroy argument */
-      if (*start)
-        start[1] = 0;                             /* Cut length of argument */
+      hide_option(argument, &opt_password);
       tty_password = false;
     }
     else
@@ -1731,13 +1736,7 @@ xb_get_one_option(int optid,
       argument = (char*) "";                      /* Don't require password */
     if (argument)
     {
-      char *start = argument;
-      my_free(opt_transition_key);
-      opt_transition_key = my_strdup(PSI_NOT_INSTRUMENTED,
-                                     argument,MYF(MY_FAE));
-      while (*argument) *argument++= 'x';         /* Destroy argument */
-      if (*start)
-        start[1] = 0;                             /* Cut length of argument */
+      hide_option(argument, &opt_transition_key);
       tty_transition_key = false;
     }
     else
@@ -1747,6 +1746,9 @@ xb_get_one_option(int optid,
   case OPT_GENERATE_TRANSITION_KEY:
     use_dumped_tablespace_keys = true;
     break;
+  case OPT_XTRA_ENCRYPT_KEY:
+    hide_option(argument, &xtrabackup_encrypt_key);
+    break;
 
 #include "sslopt-case.h"
 
