MB-49705 [BP] Don't leak sensitive information (engage_cluster)

stevewatanabe · stevewatanabe · commit 4a54f7be12e7 · 2022-03-17T18:56:28.000Z
Prior to this change a crash while doing an engage_cluster could leak sensitive information such as PRIVATE KEYs. We know wrap the list of arguments used by engage_cluster in a function and pass the function instead. This is a backport of MB-48222. Change-Id: I5b268d525f6c58114fbe169d9ba7fc3f75845a9b Reviewed-on: https://review.couchbase.org/c/ns_server/+/172372 Well-Formed: Build Bot <build@couchbase.com> Well-Formed: Restriction Checker Reviewed-by: Bryan McCoid <bryan.mccoid@couchbase.com> Tested-by: Steve Watanabe <steve.watanabe@couchbase.com>
diff --git a/src/ns_cluster.erl b/src/ns_cluster.erl
@@ -293,7 +293,9 @@ ensure_dist_ports_match(NodeKVList) ->
     end.
 
 call_engage_cluster(NodeKVList) ->
-    gen_server:call(?MODULE, {engage_cluster, NodeKVList}, ?ENGAGE_TIMEOUT).
+    NodeKVListThunk  = fun () -> NodeKVList end,
+    gen_server:call(?MODULE, {engage_cluster, NodeKVListThunk},
+                    ?ENGAGE_TIMEOUT).
 
 complete_join(NodeKVList) ->
     gen_server:call(?MODULE, {complete_join, NodeKVList}, ?COMPLETE_TIMEOUT).
@@ -407,7 +409,8 @@ handle_call({add_node_to_group, Scheme, RemoteAddr, RestPort, Auth, GroupUUID,
                    [Scheme, RemoteAddr, RestPort, GroupUUID, RV]),
     {reply, RV, State};
 
-handle_call({engage_cluster, NodeKVList}, _From, State) ->
+handle_call({engage_cluster, NodeKVListThunk}, _From, State) ->
+    NodeKVList = NodeKVListThunk(),
     ?cluster_debug("handling engage_cluster(~p)", [sanitize_node_info(NodeKVList)]),
     RV = do_engage_cluster(NodeKVList),
     ?cluster_debug("engage_cluster(..) -> ~p", [RV]),
