authorArun Kuruvila <arun.kuruvila@oracle.com>2014-05-16 09:16:39 +0530
committerArun Kuruvila <arun.kuruvila@oracle.com>2014-05-16 09:16:39 +0530
commit83836886a1adfff2a1e85a62278047bd16530682 (patch)
tree78072ec99f391571f9b5d9b8ddf60a60cc416bb5 /client
parentcb0afbd1265a33578909554ffc2cbc63de02f09d (diff)
downloadmariadb-git-83836886a1adfff2a1e85a62278047bd16530682.tar.gz
Bug #18163964 PASSWORD IS VISIBLE WHILE CHANGING IT FROM
MYSQLADMIN IN PROCESSES LIST Description: Checking the process status (with ps -ef) while executing "mysqladmin" with the old password and new password given on the command line will sporadically show the new password in the process list. Analysis: The old password is being masked by "mysqladmin", so masking the new password in a similar manner would reduce the chance of hitting the bug. This would not completely fix the bug, however: if the "ps -ef" command runs before mysqladmin masks the passwords, it will show both the old and new passwords in the process list. The chance of hitting this is very small. Fix: The new password is now also masked, in the same manner as the --password argument.
Diffstat (limited to 'client')
-rw-r--r--client/mysqladmin.cc60
1 files changed, 56 insertions, 4 deletions
diff --git a/client/mysqladmin.cc b/client/mysqladmin.cc
index 1bb4ac41b1e..2a1f8b521f0 100644
--- a/client/mysqladmin.cc
+++ b/client/mysqladmin.cc
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -71,6 +71,7 @@ extern "C" my_bool get_one_option(int optid, const struct my_option *opt,
char *argument);
static my_bool sql_connect(MYSQL *mysql, uint wait);
static int execute_commands(MYSQL *mysql,int argc, char **argv);
+static char **mask_password(int argc, char ***argv);
static int drop_db(MYSQL *mysql,const char *db);
extern "C" sig_handler endprog(int signal_number);
static void nice_time(ulong sec,char *buff);
@@ -304,9 +305,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
int main(int argc,char *argv[])
{
- int error= 0, ho_error;
+ int error= 0, ho_error, temp_argc;
MYSQL mysql;
- char **commands, **save_argv;
+ char **commands, **save_argv, **temp_argv;
MY_INIT(argv[0]);
mysql_init(&mysql);
@@ -318,6 +319,9 @@ int main(int argc,char *argv[])
free_defaults(save_argv);
exit(ho_error);
}
+ temp_argv= mask_password(argc, &argv);
+ temp_argc= argc;
+
if (debug_info_flag)
my_end_arg= MY_CHECK_ERROR | MY_GIVE_INFO;
if (debug_check_flag)
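Review bot: `mask_password(argc, &argv)` is called here before the `usage(); exit(1);` path shown in the next hunk, which looks like the no-command check (its condition is outside the hunk). If handle_options can leave argc at 0, mask_password (last hunk) decrements it to -1, skips its loop and then runs `temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));` with index -1, reading and writing outside both arrays. Keeping the call early is right for shrinking the exposure window, so the guard belongs in the helper, e.g. `if (argc <= 0) return NULL;` as its first statement. main's body starts and ends outside this hunk.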
@@ -328,7 +332,7 @@ int main(int argc,char *argv[])
usage();
exit(1);
}
- commands = argv;
+ commands = temp_argv;
if (tty_password)
opt_password = get_tty_password(NullS);
@@ -476,6 +480,13 @@ int main(int argc,char *argv[])
my_free(shared_memory_base_name);
#endif
free_defaults(save_argv);
+ temp_argc--;
+ while(temp_argc >= 0)
+ {
+ my_free(temp_argv[temp_argc]);
+ temp_argc--;
+ }
+ my_free(temp_argv);
my_end(my_end_arg);
exit(error ? 1 : 0);
return 0;
@@ -1089,6 +1100,47 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
return 0;
}
+/**
+ @brief Masking the password if it is passed as command line argument.
+
+ @details It works in Linux and changes cmdline in ps and /proc/pid/cmdline,
+ but it won't work for history file of shell.
+ The command line arguments are copied to another array and the
+ password in the argv is masked. This function is called just after
+ "handle_options" because in "handle_options", the agrv pointers
+ are altered which makes freeing of dynamically allocated memory
+ difficult. The password masking is done before all other operations
+ in order to minimise the time frame of password visibility via cmdline.
+
+ @param argc command line options (count)
+ @param argv command line options (values)
+
+ @return temp_argv copy of argv
+*/
+
+static char **mask_password(int argc, char ***argv)
+{
+ char **temp_argv;
+ temp_argv= (char **)(my_malloc(sizeof(char *) * argc, MYF(MY_WME)));
+ argc--;
+ while (argc > 0)
+ {
+ temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
+ if (find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_PASSWORD ||
+ find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_OLD_PASSWORD)
+ {
+ char *start= (*argv)[argc];
+ while (*start)
+ *start++= 'x';
+ start= (*argv)[argc];
+ if (*start)
+ start[1]= 0; /* Cut length of argument */
+ }
+ argc--;
+ }
+ temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
+ return(temp_argv);
+}
static void print_version(void)
{
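Review bot: The result of `my_malloc(sizeof(char *) * argc, MYF(MY_WME))` in mask_password is used without a NULL check; MY_WME only reports the failure, unlike the MY_FAE passed to the my_strdup calls, so a failed allocation would be dereferenced at `temp_argv[argc]= ...`. Passing `MYF(MY_FAE)` there as well, or returning early on NULL, closes that. The doc comment should also say plainly that masking only narrows the window: the passwords stay readable in the process list until this function runs, and the unmasked copies remain in temp_argv until main frees them. As a small cleanup, call find_type once per iteration, `int cmd= find_type((*argv)[argc - 1], &command_typelib, FIND_TYPE_BASIC);`, and compare `cmd` against ADMIN_PASSWORD and ADMIN_OLD_PASSWORD.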