Merge branch '10.1' into 10.2

7 files changed, 44 insertions, 22 deletions

diff --git a/extra/mariabackup/xtrabackup.cc b/extra/mariabackup/xtrabackup.cc
index 6bc506f14d0..00e500c181a 100644
--- a/extra/mariabackup/xtrabackup.cc
+++ b/extra/mariabackup/xtrabackup.cc
@@ -4512,7 +4512,7 @@ xb_process_datadir(
 	handle_datadir_entry_func_t	func)	/*!<in: callback */
 {
 	ulint		ret;
-	char		dbpath[FN_REFLEN];
+	char		dbpath[OS_FILE_MAX_PATH];
 	os_file_dir_t	dir;
 	os_file_dir_t	dbdir;
 	os_file_stat_t	dbinfo;
@@ -4578,8 +4578,8 @@ next_file_item_1:
 		        goto next_datadir_item;
 		}
 
-		sprintf(dbpath, "%s/%s", path,
-								dbinfo.name);
+		snprintf(dbpath, sizeof(dbpath), "%s/%s", path, dbinfo.name);
+
 		os_normalize_path(dbpath);
 
 		dbdir = os_file_opendir(dbpath, FALSE);
@@ -5531,4 +5531,3 @@ static int get_exepath(char *buf, size_t size, const char *argv0)
 
   return my_realpath(buf, argv0, 0);
 }
-
diff --git a/extra/my_print_defaults.c b/extra/my_print_defaults.c
index bfd0c3c635a..78940e02ca4 100644
--- a/extra/my_print_defaults.c
+++ b/extra/my_print_defaults.c
@@ -98,18 +98,23 @@ static struct my_option my_long_options[] =
   {0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
 };
 
-void cleanup_and_exit(int exit_code)
+static void cleanup_and_exit(int exit_code) __attribute__ ((noreturn));
+static void cleanup_and_exit(int exit_code)
 {
   my_end(0);
   exit(exit_code);
 }
 
-static void usage(my_bool version)
+static void version()
 {
-  printf("%s  Ver 1.6 for %s at %s\n",my_progname,SYSTEM_TYPE,
-	 MACHINE_TYPE);
-  if (version)
-    return;
+  printf("%s  Ver 1.6 for %s at %s\n",my_progname,SYSTEM_TYPE, MACHINE_TYPE);
+}
+
+
+static void usage() __attribute__ ((noreturn));
+static void usage()
+{
+  version();
   puts("This software comes with ABSOLUTELY NO WARRANTY. This is free software,\nand you are welcome to modify and redistribute it under the GPL license\n");
   puts("Prints all arguments that is give to some program using the default files");
   printf("Usage: %s [OPTIONS] [groups]\n", my_progname);
@@ -133,12 +138,13 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
       cleanup_and_exit(0);
     case 'I':
     case '?':
-      usage(0);
+      usage();
     case 'v':
       verbose++;
       break;
     case 'V':
-      usage(1);
+      version();
+      /* fall through */
     case '#':
       DBUG_PUSH(argument ? argument : default_dbug_option);
       break;
@@ -186,7 +192,7 @@ int main(int argc, char **argv)
     nargs+= array_elements(mysqld_groups);
 
   if (nargs < 2)
-    usage(0);
+    usage();
 
   load_default_groups=(char**) my_malloc(nargs*sizeof(char*), MYF(MY_WME));
   if (!load_default_groups)
diff --git a/extra/replace.c b/extra/replace.c
index b8c328f2902..eabf953837b 100644
--- a/extra/replace.c
+++ b/extra/replace.c
@@ -174,7 +174,7 @@ register char **argv[];
 	break;
       case 'V':
 	version=1;
-	/* fall through */
+        /* fall through */
       case 'I':
       case '?':
 	help=1;					/* Help text written */
diff --git a/extra/yassl/README b/extra/yassl/README
index a3d4f60f561..de1bf5132aa 100644
--- a/extra/yassl/README
+++ b/extra/yassl/README
@@ -12,6 +12,14 @@ before calling SSL_new();
 
 *** end Note ***
 
+yaSSL Release notes, version 2.4.4 (8/8/2017)
+    This release of yaSSL fixes an interop issue. A fix for detecting cipher
+    suites with non leading zeros is included as yaSSL only supports cipher
+    suites with leading zeros.  Thanks for the report from Security Innovation
+    and Oracle.
+
+    Users interoping with other SSL stacks should update.
+
 yaSSL Release notes, version 2.4.2 (9/22/2016)
     This release of yaSSL fixes a medium security vulnerability. A fix for
     potential AES side channel leaks is included that a local user monitoring
diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h
index ede4581fa13..f750f601d29 100644
--- a/extra/yassl/include/openssl/ssl.h
+++ b/extra/yassl/include/openssl/ssl.h
@@ -1,5 +1,6 @@
 /*
-   Copyright (c) 2005, 2014, Oracle and/or its affiliates.
+   Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+   Use is subject to license terms.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -34,7 +35,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "2.4.2"
+#define YASSL_VERSION "2.4.4"
 
 
 #if defined(__cplusplus)
diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
index a481812b3e0..971a5b6654e 100644
--- a/extra/yassl/src/yassl_imp.cpp
+++ b/extra/yassl/src/yassl_imp.cpp
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2005, 2014, Oracle and/or its affiliates
+   Copyright (c) 2005, 2017, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1578,6 +1578,10 @@ void ServerHello::Process(input_buffer& input, SSL& ssl)
         ssl.SetError(badVersion_error);
         return;
     }
+    if (cipher_suite_[0] != 0x00) {
+        ssl.SetError(unknown_cipher);
+        return;
+    }
     ssl.set_pending(cipher_suite_[1]);
     ssl.set_random(random_, server_end);
     if (id_len_)
diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp
index edc89df4cfa..1dc89df9d86 100644
--- a/extra/yassl/src/yassl_int.cpp
+++ b/extra/yassl/src/yassl_int.cpp
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2005, 2014, Oracle and/or its affiliates
+   Copyright (c) 2005, 2017, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1399,12 +1399,17 @@ void SSL::matchSuite(const opaque* peer, uint length)
     // start with best, if a match we are good, Ciphers are at odd index
     // since all SSL and TLS ciphers have 0x00 first byte
     for (uint i = 1; i < secure_.get_parms().suites_size_; i += 2)
-        for (uint j = 1; j < length; j+= 2)
-            if (secure_.use_parms().suites_[i] == peer[j]) {
+        for (uint j = 0; (j + 1) < length; j+= 2) {
+            if (peer[j] != 0x00) {
+                continue; // only 0x00 first byte supported
+            }
+
+            if (secure_.use_parms().suites_[i] == peer[j + 1]) {
                 secure_.use_parms().suite_[0] = 0x00;
-                secure_.use_parms().suite_[1] = peer[j];
+                secure_.use_parms().suite_[1] = peer[j + 1];
                 return;
             }
+        }
 
     SetError(match_error);
 }
@@ -2702,4 +2707,3 @@ extern "C" void yaSSL_CleanUp()
     yaSSL::sessionsInstance = 0;
     yaSSL::errorsInstance = 0;
 }
-