From f8ca3c0897267b323ba080be04569b26579c68b1 Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Wed, 2 Sep 2020 11:02:12 +0200 Subject: [CLAMP,COMMON] Escape special chars in mysql passwords Fix both clamp and common mariadb-galera instances to make sure that special characters in passwords are escaped properly. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak Change-Id: Iee48523d36d404ad7b21515f0d205f2f60a507ed (cherry picked from commit 7860146d73472e3b2ff9f7390638ae608c9f9d0f) --- .../charts/mariadb/resources/config/init/docker-entrypoint.sh | 7 ++++++- .../common/mariadb-galera/resources/config/configure-mysql.sh | 5 +++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh index 6c69694011..71f32e2eff 100755 --- a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh +++ b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh @@ -18,6 +18,11 @@ for arg; do esac done +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -36,7 +41,7 @@ file_env() { elif [ "${!fileVar:-}" ]; then val="$(< "${!fileVar}")" fi - val=`echo -n $val | sed -e "s/'/''/g"` + val=`prepare_password $val` export "$var"="$val" unset "$fileVar" } diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh index 42c5c89726..678761736a 100755 --- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh +++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh @@ -32,8 +32,9 @@ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql fi -function prepare_password { - echo -n $1 | sed -e "s/'/''/g" +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" } mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD` -- cgit 1.2.3-korg