From 86ee30cea95b4a3c8b34398e75e4fc62d0501616 Mon Sep 17 00:00:00 2001
From: Alexey Yurchenko
Date: Sat, 6 Jun 2015 01:08:41 +0300
Subject: [PATCH] Refs codership/mysql-wsrep#141: this commit 1. Passes wsrep_sst_auth_value to SST scripts via WSREP_SST_OPT_AUTH envronmental variable, so it never appears on the command line 2. In mysqldump and xtrabackup* SST scripts which rely on MySQL authentication, instead of passing password on the command line, SST script sets MYSQL_PWD environment variable, so that password also never appears on the mysqldump/innobackupex command line.
---
 scripts/wsrep_sst_common.sh | 4 ++--
 scripts/wsrep_sst_mysqldump.sh | 11 +++++++++++
 sql/wsrep_utils.cc | 5 +++--
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/scripts/wsrep_sst_common.sh b/scripts/wsrep_sst_common.sh
index 0aa338510e0..f7cd9e91849 100644
--- a/scripts/wsrep_sst_common.sh
+++ b/scripts/wsrep_sst_common.sh
@@ -143,8 +143,8 @@ readonly WSREP_SST_OPT_AUTH
 if ! wsrep_auth_not_set
 then
 readonly AUTH_VEC=(${WSREP_SST_OPT_AUTH//:/ })
- WSREP_SST_OPT_USER="${AUTH_VEC[0]:-}"
- WSREP_SST_OPT_PSWD="${AUTH_VEC[1]:-}"
+ [ -n "${AUTH_VEC[0]}" ] && WSREP_SST_OPT_USER="${AUTH_VEC[0]}"
+ [ -n "${AUTH_VEC[1]}" ] && WSREP_SST_OPT_PSWD="${AUTH_VEC[1]}"
 fi
 readonly WSREP_SST_OPT_USER
 readonly WSREP_SST_OPT_PSWD
diff --git a/scripts/wsrep_sst_mysqldump.sh b/scripts/wsrep_sst_mysqldump.sh
index 9a061f89e43..7a5695851d4 100644
--- a/scripts/wsrep_sst_mysqldump.sh
+++ b/scripts/wsrep_sst_mysqldump.sh
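Review bot: In the scripts/wsrep_sst_common.sh hunk, the two new tests expand `${AUTH_VEC[0]}` and `${AUTH_VEC[1]}` without the `:-` default that the removed lines carried, so an auth value with no `:password` part leaves index 1 unset. If the script runs under `set -u` (not visible in this hunk), that expansion aborts the SST instead of leaving the password empty. Keeping the default inside the test avoids this: `[ -n "${AUTH_VEC[1]:-}" ] && WSREP_SST_OPT_PSWD="${AUTH_VEC[1]}"`, and likewise for index 0. Separately, the unchanged context line `readonly AUTH_VEC=(${WSREP_SST_OPT_AUTH//:/ })` splits unquoted, so a password containing `:`, whitespace or glob characters is truncated or expanded before it reaches the new lines. A quoted split on the first colon only would keep the credential intact.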
@@ -76,6 +76,17 @@ fi
 # word, it is arguably more secure than passing password on the command line.
 [ -n "$WSREP_SST_OPT_PSWD" ] && export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
+# Refs https://github.com/codership/mysql-wsrep/issues/141
+# Passing password in MYSQL_PWD environment variable is considered
+# "extremely insecure" by MySQL Guidelines for Password Security
+# (https://dev.mysql.com/doc/refman/5.6/en/password-security-user.html)
+# that is even less secure than passing it on a command line! It is doubtful:
+# the whole command line is easily observable by any unprivileged user via ps,
+# whereas (at least on Linux) unprivileged user can't see process environment
+# that he does not own. So while it may be not secure in the NSA sense of the
+# word, it is arguably more secure than passing password on the command line.
+[ -n "$WSREP_SST_OPT_PSWD" ] && export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
+
 STOP_WSREP="SET wsrep_on=OFF;"
 # mysqldump cannot restore CSV tables, fix this issue
diff --git a/sql/wsrep_utils.cc b/sql/wsrep_utils.cc
index 719e8e6b473..b6b50ae7443 100644
--- a/sql/wsrep_utils.cc
+++ b/sql/wsrep_utils.cc
@@ -165,9 +165,10 @@ env::append(const char* val)
 ++len_;
 env_[len_] = NULL;
 }
- else errno_ = errno;
 }
- else errno_ = errno;
+
+ /* if either realloc() or strdup() failed, errno had been set */
+ errno_ = errno;
 return errno_;
 }
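Review bot: The added lines in scripts/wsrep_sst_mysqldump.sh repeat, word for word, the comment block and the `[ -n "$WSREP_SST_OPT_PSWD" ] && export MYSQL_PWD="$WSREP_SST_OPT_PSWD"` line that the hunk's own leading context shows already present directly above. After this patch the script appears to carry the block twice, which looks like a merge or cherry-pick artifact, and the added copy can be dropped. On the substance of the comment, the environment is private to the owning user on Linux, but the MySQL page it cites notes that on some systems `ps` can display other users' environments. An exported variable is also inherited by every child the script starts, not only the MySQL client. A narrower option is a client option file readable only by the server user and passed with `--defaults-extra-file`, or at least `unset MYSQL_PWD` after the last client call.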
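Review bot: In sql/wsrep_utils.cc, `errno_ = errno;` now runs on the success path as well, and neither realloc() nor strdup() resets errno when it succeeds. A stale non-zero errno left by an earlier unrelated call would therefore make env::append() report failure even though the variable was appended. The start of env::append is outside this hunk, so whether errno is cleared beforehand cannot be seen here. If it is not, add `errno = 0;` before the realloc() call, or keep the assignment in the two failure branches as the removed lines did. Presumably this vector now carries WSREP_SST_OPT_AUTH to the SST script, so a spurious error here would fail the state transfer for a reason unrelated to the environment setup.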