Merge tsmith@bk-internal.mysql.com:/home/bk/mysql-5.1-build

into  ramayana.hindu.god:/home/tsmith/m/bk/build/51

cmd-line-utils/readline/bind.c

@@ -27,7 +27,7 @@
 #endif
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <stdio.h>

cmd-line-utils/readline/callback.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include "rlconf.h"

cmd-line-utils/readline/compat.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <stdio.h>

cmd-line-utils/readline/complete.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/display.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/funmap.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #if !defined (BUFSIZ)

cmd-line-utils/readline/histexpand.c

@@ -23,7 +23,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <stdio.h>

cmd-line-utils/readline/histfile.c

@@ -31,7 +31,7 @@
 #endif
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <stdio.h>

cmd-line-utils/readline/history.c

@@ -26,7 +26,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <stdio.h>

cmd-line-utils/readline/histsearch.c

@@ -23,7 +23,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <stdio.h>

cmd-line-utils/readline/input.c

@@ -26,7 +26,7 @@
 #endif
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/isearch.c

@@ -27,7 +27,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/keymaps.c

@@ -21,7 +21,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #if defined (HAVE_STDLIB_H)

cmd-line-utils/readline/kill.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/macro.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/mbutil.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/misc.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #if defined (HAVE_UNISTD_H)

cmd-line-utils/readline/nls.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/parens.c

@@ -28,7 +28,7 @@
 #include "rlconf.h"
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <stdio.h>

cmd-line-utils/readline/readline.c

@@ -23,7 +23,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/rldefs.h

@@ -27,7 +27,7 @@
 #define _RLDEFS_H_
 
 #if defined (HAVE_CONFIG_H)
-#  include "config.h"
+#  include "config_readline.h"
 #endif
 
 #include "rlstdc.h"

cmd-line-utils/readline/rltty.c

@@ -23,7 +23,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/rlwinsize.h

@@ -26,7 +26,7 @@
 #define _RLWINSIZE_H_
 
 #if defined (HAVE_CONFIG_H)
-#  include "config.h"
+#  include "config_readline.h"
 #endif
 
 /* Try to find the definitions of `struct winsize' and TIOGCWINSZ */

cmd-line-utils/readline/savestring.c

@@ -21,7 +21,7 @@
    59 Temple Place, Suite 330, Boston, MA 02111 USA. */
 #define READLINE_LIBRARY
 
-#include <config.h>
+#include "config_readline.h"
 #ifdef HAVE_STRING_H
 #  include <string.h>
 #endif

cmd-line-utils/readline/search.c

@@ -23,7 +23,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/shell.c

@@ -23,7 +23,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/signals.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <stdio.h>		/* Just for NULL.  Yuck. */

cmd-line-utils/readline/tcap.h

@@ -25,7 +25,7 @@
 #define _RLTCAP_H_
 
 #if defined (HAVE_CONFIG_H)
-#  include "config.h"
+#  include "config_readline.h"
 #endif
 
 #if defined (HAVE_TERMCAP_H)

cmd-line-utils/readline/terminal.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/text.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #if defined (HAVE_UNISTD_H)

cmd-line-utils/readline/tilde.c

@@ -20,7 +20,7 @@
    Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111 USA. */
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #if defined (HAVE_UNISTD_H)

cmd-line-utils/readline/undo.c

@@ -23,7 +23,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/util.c

@@ -22,7 +22,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/vi_mode.c

@@ -32,7 +32,7 @@
 #if defined (VI_MODE)
 
 #if defined (HAVE_CONFIG_H)
-#  include <config.h>
+#  include "config_readline.h"
 #endif
 
 #include <sys/types.h>

cmd-line-utils/readline/xmalloc.c

@@ -21,7 +21,7 @@
 #define READLINE_LIBRARY
 
 #if defined (HAVE_CONFIG_H)
-#include <config.h>
+#include "config_readline.h"
 #endif
 
 #include <stdio.h>

extra/yassl/src/handshake.cpp

@@ -527,6 +527,11 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl)
     input.read(len, sizeof(len));
     uint16 randomLen;
     ato16(len, randomLen);
+    if (ch.suite_len_ > MAX_SUITE_SZ || sessionLen > ID_LEN ||
+        randomLen > RAN_LEN) {
+        ssl.SetError(bad_input);
+        return;
+    }
 
     int j = 0;
     for (uint16 i = 0; i < ch.suite_len_; i += 3) {    

extra/yassl/src/template_instnt.cpp

@@ -101,6 +101,7 @@ template void ysArrayDelete<unsigned char>(unsigned char*);
 template void ysArrayDelete<char>(char*);
 
 template int min<int>(int, int);
+template uint16 min<uint16>(uint16, uint16);
 template unsigned int min<unsigned int>(unsigned int, unsigned int);
 template unsigned long min<unsigned long>(unsigned long, unsigned long);
 }

extra/yassl/src/yassl_imp.cpp

@@ -621,6 +621,10 @@ void HandShakeHeader::Process(input_buffer& input, SSL& ssl)
     }
 
     uint len = c24to32(length_);
+    if (len > input.get_remaining()) {
+        ssl.SetError(bad_input);
+        return;
+    }
     hashHandShake(ssl, input, len);
 
     hs->set_length(len);
@@ -1391,10 +1395,15 @@ input_buffer& operator>>(input_buffer& input, ClientHello& hello)
     
     // Suites
     byte tmp[2];
+    uint16 len;
     tmp[0] = input[AUTO];
     tmp[1] = input[AUTO];
-    ato16(tmp, hello.suite_len_);
+    ato16(tmp, len);
+
+    hello.suite_len_ = min(len, static_cast<uint16>(MAX_SUITE_SZ));
     input.read(hello.cipher_suites_, hello.suite_len_);
+    if (len > hello.suite_len_) // ignore extra suites
+        input.set_current(input.get_current() + len -  hello.suite_len_);
 
     // Compression
     hello.comp_len_ = input[AUTO];