diff options
author | Wen Hui <wen.hui.ware@gmail.com> | 2021-10-26 06:13:12 -0400 |
---|---|---|
committer | Oran Agra <oran@redislabs.com> | 2022-12-12 17:02:54 +0200 |
commit | 389c5e14ad231892862cb6b3979cfa546170a173 (patch) | |
tree | b998c5105ebff78a18a3d59b5576325de343f6de | |
parent | 64c657a8af03c6d58507b9620947491f36e75037 (diff) | |
download | redis-389c5e14ad231892862cb6b3979cfa546170a173.tar.gz |
Sentinel: don't log auth-pass value for better security (#9652)
(cherry picked from commit 43b22f17dc3eb77a255f140fa37765f306541b7a)
-rw-r--r-- | src/sentinel.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/sentinel.c b/src/sentinel.c index 50ac18d9f..982be9741 100644 --- a/src/sentinel.c +++ b/src/sentinel.c @@ -4024,6 +4024,7 @@ void sentinelSetCommand(client *c) { int j, changes = 0; int badarg = 0; /* Bad argument position for error reporting. */ char *option; + int redacted; if ((ri = sentinelGetMasterByNameOrReplyError(c,c->argv[2])) == NULL) return; @@ -4034,6 +4035,7 @@ void sentinelSetCommand(client *c) { option = c->argv[j]->ptr; long long ll; int old_j = j; /* Used to know what to log as an event. */ + redacted = 0; if (!strcasecmp(option,"down-after-milliseconds") && moreargs > 0) { /* down-after-millisecodns <milliseconds> */ @@ -4108,6 +4110,7 @@ void sentinelSetCommand(client *c) { sdsfree(ri->auth_pass); ri->auth_pass = strlen(value) ? sdsnew(value) : NULL; changes++; + redacted = 1; } else if (!strcasecmp(option,"auth-user") && moreargs > 0) { /* auth-user <username> */ char *value = c->argv[++j]->ptr; @@ -4155,7 +4158,7 @@ void sentinelSetCommand(client *c) { switch(numargs) { case 2: sentinelEvent(LL_WARNING,"+set",ri,"%@ %s %s",(char*)c->argv[old_j]->ptr, - (char*)c->argv[old_j+1]->ptr); + redacted ? "******" : (char*)c->argv[old_j+1]->ptr); break; case 3: sentinelEvent(LL_WARNING,"+set",ri,"%@ %s %s %s",(char*)c->argv[old_j]->ptr, |