Bug #32628376 BACKPORT FIX OF BUG 32335263 TO 5.6+

Aditya A · Hery Ramilison · commit f3940265b864 · 2021-03-23T15:09:57.000+01:00
PROBLEM
-------
If the query contains password in plain text,
we have the query re-written immediately after
parsing and password string is replaced. However,
there is a unsafe window before rewrite is done
and in such case we should not display the plain
text password.

Affected queries are
SHOW PROCESSLIST;
SELECT ... FROM information_schema.processlist;

Solution:
---------
Fix this is to avoid displaying the
query string till re-write is over.

#rb 26092
#rb 26070

Reviewed-by: Debarun Bannerjee &lt;debarun.bannerjee@oracle.com&gt;
Reviewed-by: Reviewed by: Dyre Tjeldvold &lt;dyre.tjeldvoll@oracle.com&gt;

(cherry picked from commit c7d0c5b6ee1cfc2a5328e9adf058857b43e0a091)
diff --git a/sql/sql_class.cc b/sql/sql_class.cc
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -1010,6 +1010,7 @@ THD::THD(bool enable_plugins)
 #ifdef SIGNAL_WITH_VIO_SHUTDOWN
   active_vio = 0;
 #endif
+  my_atomic_store32(&m_safe_to_display, 0);
   mysql_mutex_init(key_LOCK_thd_data, &LOCK_thd_data, MY_MUTEX_INIT_FAST);
 
   /* Variables with default values */
diff --git a/sql/sql_class.h b/sql/sql_class.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights
+/* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights
    reserved.
 
    This program is free software; you can redistribute it and/or modify
@@ -2243,7 +2243,7 @@ class THD :public MDL_context_owner,
 
 private:
   unsigned int m_current_stage_key;
-
+  volatile int32 m_safe_to_display;
 public:
   void enter_stage(const PSI_stage_info *stage,
                    PSI_stage_info *old_stage,
@@ -4040,8 +4040,27 @@ class THD :public MDL_context_owner,
 #ifdef HAVE_PSI_THREAD_INTERFACE
     PSI_THREAD_CALL(set_thread_info)(query_arg, query_length_arg);
 #endif
+    set_safe_display(true);
+  }
+  /**
+    Reset query string to be displayed in PFS. Also reset the safety flag
+    for information_schema.process_list for next query.
+  */
+  void reset_query_for_display(void) {
+    set_query_for_display(NULL, 0);
+    my_atomic_store32(&m_safe_to_display, 0);
   }
-  void reset_query_for_display(void) { set_query_for_display(NULL, 0); }
+
+  /** Set if the query string to be safe to display.
+  @param[in]  safe  if it is safe to display query string */
+  void set_safe_display(bool safe) {
+    int32 value = safe ? 1 : 0;
+    my_atomic_store32(&m_safe_to_display, value);
+  }
+
+   /** @return true, if safe to display the query string. */
+  int32 safe_to_display() { return my_atomic_load32(&m_safe_to_display);}
+
   void set_query(char *query_arg, uint32 query_length_arg,
                  const CHARSET_INFO *cs_arg)
   {
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2020, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2021, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -1851,7 +1851,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
   MYSQL_END_STATEMENT(thd->m_statement_psi, thd->get_stmt_da());
   thd->m_statement_psi= NULL;
   thd->m_digest= NULL;
-
+  thd->reset_query_for_display();
   dec_thread_running();
   thd->packet.shrink(thd->variables.net_buffer_length);	// Reclaim some memory
   free_root(thd->mem_root,MYF(MY_KEEP_PREALLOC));
@@ -6444,6 +6444,7 @@ void mysql_parse(THD *thd, char *rawbuf, uint length,
                       ? (found_semicolon - thd->query())
                       : thd->query_length();
 
+    DEBUG_SYNC_C("sql_parse_before_rewrite");
     if (!err)
     {
       /*
@@ -6490,6 +6491,8 @@ void mysql_parse(THD *thd, char *rawbuf, uint length,
       }
     }
 
+    DEBUG_SYNC_C("sql_parse_after_rewrite");
+
     if (!err)
     {
       thd->m_statement_psi= MYSQL_REFINE_STATEMENT(thd->m_statement_psi,
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -2827,7 +2827,8 @@ void mysqld_stmt_fetch(THD *thd, char *packet, uint packet_length)
 
   thd->stmt_arena= stmt;
   thd->set_n_backup_statement(stmt, &stmt_backup);
-
+  int32 saved_safe_to_display = thd->safe_to_display();
+  thd->set_safe_display(true);
   cursor->fetch(num_rows);
 
   if (!cursor->is_open())
@@ -2837,6 +2838,7 @@ void mysqld_stmt_fetch(THD *thd, char *packet, uint packet_length)
   }
 
   thd->restore_backup_statement(stmt, &stmt_backup);
+  thd->set_safe_display(saved_safe_to_display);
   thd->stmt_arena= thd;
 
   DBUG_VOID_RETURN;
@@ -3407,11 +3409,14 @@ bool Prepared_statement::prepare(const char *packet, uint packet_len)
   */
   thd->set_n_backup_statement(this, &stmt_backup);
   thd->set_n_backup_active_arena(this, &stmt_backup);
+  int32 saved_safe_to_display = thd->safe_to_display();
+  thd->set_safe_display(true);
 
   if (alloc_query(thd, packet, packet_len))
   {
     thd->restore_backup_statement(this, &stmt_backup);
     thd->restore_active_arena(this, &stmt_backup);
+    thd->set_safe_display(saved_safe_to_display);
     DBUG_RETURN(TRUE);
   }
 
@@ -3433,6 +3438,7 @@ bool Prepared_statement::prepare(const char *packet, uint packet_len)
     thd->restore_backup_statement(this, &stmt_backup);
     thd->restore_active_arena(this, &stmt_backup);
     thd->stmt_arena= old_stmt_arena;
+    thd->set_safe_display(saved_safe_to_display);
     DBUG_RETURN(TRUE);
   }
 
@@ -3522,6 +3528,7 @@ bool Prepared_statement::prepare(const char *packet, uint packet_len)
 
   cleanup_stmt();
   thd->restore_backup_statement(this, &stmt_backup);
+  thd->set_safe_display(saved_safe_to_display);
   thd->stmt_arena= old_stmt_arena;
 
   if (error == 0)
@@ -3751,6 +3758,8 @@ Prepared_statement::execute_server_runnable(Server_runnable *server_runnable)
   thd->set_n_backup_statement(this, &stmt_backup);
   thd->set_n_backup_active_arena(this, &stmt_backup);
   thd->stmt_arena= this;
+  int32 saved_safe_to_display = thd->safe_to_display();
+  thd->set_safe_display(true);
 
   error= server_runnable->execute_server_code(thd);
 
@@ -3759,6 +3768,7 @@ Prepared_statement::execute_server_runnable(Server_runnable *server_runnable)
   thd->restore_active_arena(this, &stmt_backup);
   thd->restore_backup_statement(this, &stmt_backup);
   thd->stmt_arena= save_stmt_arena;
+  thd->set_safe_display(saved_safe_to_display);
 
   save_change_list.move_elements_to(&thd->change_list);
 
@@ -3993,6 +4003,8 @@ bool Prepared_statement::execute(String *expanded_query, bool open_cursor)
   */
 
   thd->set_n_backup_statement(this, &stmt_backup);
+  int32 saved_safe_to_display = thd->safe_to_display();
+  thd->set_safe_display(true);
 
   /*
     Change the current database (if needed).
@@ -4107,6 +4119,7 @@ bool Prepared_statement::execute(String *expanded_query, bool open_cursor)
 
   thd->set_statement(&stmt_backup);
   thd->stmt_arena= old_stmt_arena;
+  thd->set_safe_display(saved_safe_to_display);
 
   if (state == Query_arena::STMT_PREPARED)
     state= Query_arena::STMT_EXECUTED;
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -2179,7 +2179,7 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose)
           size_t query_length;
           if ((query_length = tmp->rewritten_query.length()) > 0) {
             query_str = tmp->rewritten_query.c_ptr();
-          } else {
+          } else if(tmp->safe_to_display()) {
             query_length = tmp->query_length();
             query_str = tmp->query();
           }
@@ -2330,7 +2330,7 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, Item* cond)
 
         if ((query_length = tmp->rewritten_query.length()) > 0) {
           query_str = tmp->rewritten_query.c_ptr();
-        } else {
+        } else if(tmp->safe_to_display()){
           query_length = tmp->query_length();
           query_str = tmp->query();
         }
