MB-49705 [BP] Don't leak sensitive information (complete_join)

stevewatanabe · stevewatanabe · commit 725696825faf · 2022-03-17T18:56:32.000Z
Prior to this change a crash while doing an engage_cluster could leak sensitive information such as PRIVATE KEYs. We know wrap the list of arguments used by engage_cluster in a function and pass the function instead. This is a backport of MB-48222. Change-Id: I30ac0c0f4a6c5542519619328dc21981bdb81de6 Reviewed-on: https://review.couchbase.org/c/ns_server/+/172373 Well-Formed: Build Bot <build@couchbase.com> Well-Formed: Restriction Checker Reviewed-by: Bryan McCoid <bryan.mccoid@couchbase.com> Tested-by: Steve Watanabe <steve.watanabe@couchbase.com>
diff --git a/src/ns_cluster.erl b/src/ns_cluster.erl
@@ -298,7 +298,9 @@ call_engage_cluster(NodeKVList) ->
                     ?ENGAGE_TIMEOUT).
 
 complete_join(NodeKVList) ->
-    gen_server:call(?MODULE, {complete_join, NodeKVList}, ?COMPLETE_TIMEOUT).
+    NodeKVListThunk  = fun () -> NodeKVList end,
+    gen_server:call(?MODULE, {complete_join, NodeKVListThunk},
+                    ?COMPLETE_TIMEOUT).
 
 multi_call(Nodes, Call, Timeout) ->
     {_Replies, BadNodes} =
@@ -416,7 +418,8 @@ handle_call({engage_cluster, NodeKVListThunk}, _From, State) ->
     ?cluster_debug("engage_cluster(..) -> ~p", [RV]),
     {reply, RV, State};
 
-handle_call({complete_join, NodeKVList}, _From, State) ->
+handle_call({complete_join, NodeKVListThunk}, _From, State) ->
+    NodeKVList = NodeKVListThunk(),
     ?cluster_debug("handling complete_join(~p)", [sanitize_node_info(NodeKVList)]),
     RV = do_complete_join(NodeKVList),
     ?cluster_debug("complete_join(~p) -> ~p", [sanitize_node_info(NodeKVList), RV]),
