Merge branch '5.5' into 10.0

6 files changed, 39 insertions, 17 deletions

diff --git a/extra/my_print_defaults.c b/extra/my_print_defaults.c
index e91163dde1c..7695f669b1f 100644
--- a/extra/my_print_defaults.c
+++ b/extra/my_print_defaults.c
@@ -99,12 +99,16 @@ static struct my_option my_long_options[] =
 };
 
 
-static void usage(my_bool version)
+static void version()
 {
-  printf("%s  Ver 1.6 for %s at %s\n",my_progname,SYSTEM_TYPE,
-	 MACHINE_TYPE);
-  if (version)
-    return;
+  printf("%s  Ver 1.6 for %s at %s\n",my_progname,SYSTEM_TYPE, MACHINE_TYPE);
+}
+
+
+static void usage() __attribute__ ((noreturn));
+static void usage()
+{
+  version();
   puts("This software comes with ABSOLUTELY NO WARRANTY. This is free software,\nand you are welcome to modify and redistribute it under the GPL license\n");
   puts("Prints all arguments that is give to some program using the default files");
   printf("Usage: %s [OPTIONS] [groups]\n", my_progname);
@@ -128,12 +132,13 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
       exit(0);
     case 'I':
     case '?':
-      usage(0);
+      usage();
     case 'v':
       verbose++;
       break;
     case 'V':
-      usage(1);
+      version();
+      /* fall through */
     case '#':
       DBUG_PUSH(argument ? argument : default_dbug_option);
       break;
@@ -181,7 +186,7 @@ int main(int argc, char **argv)
     nargs+= array_elements(mysqld_groups);
 
   if (nargs < 2)
-    usage(0);
+    usage();
 
   load_default_groups=(char**) my_malloc(nargs*sizeof(char*), MYF(MY_WME));
   if (!load_default_groups)
diff --git a/extra/replace.c b/extra/replace.c
index 465c0c48f6e..2ad4979c09e 100644
--- a/extra/replace.c
+++ b/extra/replace.c
@@ -174,7 +174,7 @@ register char **argv[];
 	break;
       case 'V':
 	version=1;
-	/* fall through */
+        /* fall through */
       case 'I':
       case '?':
 	help=1;					/* Help text written */
diff --git a/extra/yassl/README b/extra/yassl/README
index a3d4f60f561..de1bf5132aa 100644
--- a/extra/yassl/README
+++ b/extra/yassl/README
@@ -12,6 +12,14 @@ before calling SSL_new();
 
 *** end Note ***
 
+yaSSL Release notes, version 2.4.4 (8/8/2017)
+    This release of yaSSL fixes an interop issue. A fix for detecting cipher
+    suites with non leading zeros is included as yaSSL only supports cipher
+    suites with leading zeros.  Thanks for the report from Security Innovation
+    and Oracle.
+
+    Users interoping with other SSL stacks should update.
+
 yaSSL Release notes, version 2.4.2 (9/22/2016)
     This release of yaSSL fixes a medium security vulnerability. A fix for
     potential AES side channel leaks is included that a local user monitoring
diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h
index 9ec99b46c1f..a5ccef102b9 100644
--- a/extra/yassl/include/openssl/ssl.h
+++ b/extra/yassl/include/openssl/ssl.h
@@ -1,5 +1,6 @@
 /*
-   Copyright (c) 2005, 2014, Oracle and/or its affiliates.
+   Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+   Use is subject to license terms.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -34,7 +35,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "2.4.2"
+#define YASSL_VERSION "2.4.4"
 
 
 #if defined(__cplusplus)
diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
index a481812b3e0..971a5b6654e 100644
--- a/extra/yassl/src/yassl_imp.cpp
+++ b/extra/yassl/src/yassl_imp.cpp
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2005, 2014, Oracle and/or its affiliates
+   Copyright (c) 2005, 2017, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1578,6 +1578,10 @@ void ServerHello::Process(input_buffer& input, SSL& ssl)
         ssl.SetError(badVersion_error);
         return;
     }
+    if (cipher_suite_[0] != 0x00) {
+        ssl.SetError(unknown_cipher);
+        return;
+    }
     ssl.set_pending(cipher_suite_[1]);
     ssl.set_random(random_, server_end);
     if (id_len_)
diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp
index ff9c8155d0c..884e8b5fa9d 100644
--- a/extra/yassl/src/yassl_int.cpp
+++ b/extra/yassl/src/yassl_int.cpp
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2005, 2014, Oracle and/or its affiliates
+   Copyright (c) 2005, 2017, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1399,12 +1399,17 @@ void SSL::matchSuite(const opaque* peer, uint length)
     // start with best, if a match we are good, Ciphers are at odd index
     // since all SSL and TLS ciphers have 0x00 first byte
     for (uint i = 1; i < secure_.get_parms().suites_size_; i += 2)
-        for (uint j = 1; j < length; j+= 2)
-            if (secure_.use_parms().suites_[i] == peer[j]) {
+        for (uint j = 0; (j + 1) < length; j+= 2) {
+            if (peer[j] != 0x00) {
+                continue; // only 0x00 first byte supported
+            }
+
+            if (secure_.use_parms().suites_[i] == peer[j + 1]) {
                 secure_.use_parms().suite_[0] = 0x00;
-                secure_.use_parms().suite_[1] = peer[j];
+                secure_.use_parms().suite_[1] = peer[j + 1];
                 return;
             }
+        }
 
     SetError(match_error);
 }
@@ -2697,4 +2702,3 @@ extern "C" void yaSSL_CleanUp()
     yaSSL::sessionsInstance = 0;
     yaSSL::errorsInstance = 0;
 }
-