From 0943b33de3daa0fcbf58803be8e991941de63218 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub <wlad@mariadb.com>
Date: Wed, 14 Mar 2018 14:35:27 +0000
Subject: MDEV-12190  YASSL isn't able to negotiate TLS version correctly

Backport from 10.2
---
 extra/yassl/src/handshake.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
index aa2de39333c..bb8e3791552 100644
--- a/extra/yassl/src/handshake.cpp
+++ b/extra/yassl/src/handshake.cpp
@@ -787,6 +787,16 @@ int DoProcessReply(SSL& ssl)
             needHdr = true;
         else {
             buffer >> hdr;
+            /*
+              According to RFC 4346 (see "7.4.1.3. Server Hello"), the Server Hello
+              packet needs to specify the highest supported TLS version, but not
+              higher than what client requests. YaSSL highest supported version is
+              TLSv1.1 (=3.2) - if the client requests a higher version, downgrade it
+              here to 3.2.
+              See also Appendix E of RFC 5246 (TLS 1.2)
+            */
+            if (hdr.version_.major_ == 3 && hdr.version_.minor_ > 2)
+              hdr.version_.minor_ = 2;
             ssl.verifyState(hdr);
         }
 
-- 
cgit v1.2.1


From 75c76dbb06a99359d867e2a516f3244bf41fde96 Mon Sep 17 00:00:00 2001
From: Eugene Kosov <claprix@yandex.ru>
Date: Mon, 19 Mar 2018 16:18:53 +0300
Subject: MDEV-15030 Add ASAN instrumentation

Learn both valgrind and asan to catch this bug:

  mem_heap_t* heap = mem_heap_create(1024);
  byte* p = reinterpret_cast<byte*>(heap) + sizeof(mem_heap_t);
  *p = 123;

Overflows of the last allocation in a block will be catched too.

mem_heap_create_block(): poison newly allocated memory
---
 storage/innobase/mem/mem0mem.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/storage/innobase/mem/mem0mem.c b/storage/innobase/mem/mem0mem.c
index 6e9a39d329f..31f235b1960 100644
--- a/storage/innobase/mem/mem0mem.c
+++ b/storage/innobase/mem/mem0mem.c
@@ -404,6 +404,8 @@ mem_heap_create_block(
 		heap->total_size += len;
 	}
 
+	UNIV_MEM_FREE(block + 1, len - MEM_BLOCK_HEADER_SIZE);
+
 	ut_ad((ulint)MEM_BLOCK_HEADER_SIZE < len);
 
 	return(block);
-- 
cgit v1.2.1


From 5a8f8f89d65b75e51048288a49c86a8d974a8543 Mon Sep 17 00:00:00 2001
From: Eugene Kosov <claprix@yandex.ru>
Date: Tue, 20 Mar 2018 10:46:57 +0300
Subject: honor alignment rules and xtradb too

---
 include/my_valgrind.h          | 2 ++
 storage/innobase/mem/mem0mem.c | 5 ++++-
 storage/xtradb/mem/mem0mem.c   | 5 +++++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/include/my_valgrind.h b/include/my_valgrind.h
index b76f5607bb5..8dde079b976 100644
--- a/include/my_valgrind.h
+++ b/include/my_valgrind.h
@@ -35,6 +35,8 @@
 # define MEM_CHECK_DEFINED(a,len) VALGRIND_CHECK_MEM_IS_DEFINED(a,len)
 #elif defined(__SANITIZE_ADDRESS__)
 # include <sanitizer/asan_interface.h>
+/* How to do manual poisoning:
+https://github.com/google/sanitizers/wiki/AddressSanitizerManualPoisoning */
 # define MEM_UNDEFINED(a,len) ASAN_UNPOISON_MEMORY_REGION(a,len)
 # define MEM_NOACCESS(a,len) ASAN_POISON_MEMORY_REGION(a,len)
 # define MEM_CHECK_ADDRESSABLE(a,len) ((void) 0)
diff --git a/storage/innobase/mem/mem0mem.c b/storage/innobase/mem/mem0mem.c
index 31f235b1960..924231470aa 100644
--- a/storage/innobase/mem/mem0mem.c
+++ b/storage/innobase/mem/mem0mem.c
@@ -404,7 +404,10 @@ mem_heap_create_block(
 		heap->total_size += len;
 	}
 
-	UNIV_MEM_FREE(block + 1, len - MEM_BLOCK_HEADER_SIZE);
+	/* Poison all available memory. Individual chunks will be unpoisoned on
+	every mem_heap_alloc() call. */
+	compile_time_assert(MEM_BLOCK_HEADER_SIZE >= sizeof *block);
+	UNIV_MEM_FREE(block + 1, len - sizeof *block);
 
 	ut_ad((ulint)MEM_BLOCK_HEADER_SIZE < len);
 
diff --git a/storage/xtradb/mem/mem0mem.c b/storage/xtradb/mem/mem0mem.c
index 6e9a39d329f..924231470aa 100644
--- a/storage/xtradb/mem/mem0mem.c
+++ b/storage/xtradb/mem/mem0mem.c
@@ -404,6 +404,11 @@ mem_heap_create_block(
 		heap->total_size += len;
 	}
 
+	/* Poison all available memory. Individual chunks will be unpoisoned on
+	every mem_heap_alloc() call. */
+	compile_time_assert(MEM_BLOCK_HEADER_SIZE >= sizeof *block);
+	UNIV_MEM_FREE(block + 1, len - sizeof *block);
+
 	ut_ad((ulint)MEM_BLOCK_HEADER_SIZE < len);
 
 	return(block);
-- 
cgit v1.2.1