From 9d9851d8e656ab17ff330c125bfc21c329a52383 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Sun, 8 Aug 2021 19:48:26 +0200
Subject: [PATCH 01/14] Added ASAN (AddressSanitizer) compilation support to
 ProxySQL #3554

---
 Makefile                | 10 ++++++++++
 deps/Makefile           |  4 ++++
 lib/Makefile            | 11 ++++++++++-
 src/Makefile            | 15 ++++++++++++++-
 test/tap/tests/Makefile | 18 ++++++++++++++----
 5 files changed, 52 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index f3d6852dd..d751befd7 100644
--- a/Makefile
+++ b/Makefile
@@ -8,6 +8,12 @@ endif
 ### NOTES:
 ### to compile without jemalloc, set environment variable NOJEMALLOC=1
 ### to compile with gcov code coverage, set environment variable WITHGCOV=1
+### to compile with ASAN, set environment variables NOJEMALLOC=1, WITHASAN=1:
+###   * To perform a full ProxySQL build with ASAN then execute:
+###
+###     ```
+###     make build_deps_debug -j$(nproc) && make debug -j$(nproc) && make build_tap_test_debug -j$(nproc)
+###     ```
 
 O0=-O0
 O2=-O2
@@ -133,6 +139,10 @@ build_lib_testall: build_deps_debug
 build_tap_test: build_src
 	cd test/tap && OPTZ="${O0} -ggdb -DDEBUG" CC=${CC} CXX=${CXX} ${MAKE}
 
+.PHONY: build_tap_test_debug
+build_tap_test_debug: build_src
+	cd test/tap && OPTZ="${O0} -ggdb -DDEBUG" CC=${CC} CXX=${CXX} ${MAKE} debug
+
 .PHONY: build_src_debug
 build_src_debug: build_deps build_lib_debug
 	cd src && OPTZ="${O0} -ggdb -DDEBUG" CC=${CC} CXX=${CXX} ${MAKE}
diff --git a/deps/Makefile b/deps/Makefile
index f5be0d551..a22f75463 100644
--- a/deps/Makefile
+++ b/deps/Makefile
@@ -165,6 +165,7 @@ jemalloc/jemalloc/lib/libjemalloc.a:
 
 jemalloc: jemalloc/jemalloc/lib/libjemalloc.a
 
+WITHASAN := $(shell echo $(WITHASAN))
 
 mariadb-client-library/mariadb_client/libmariadb/libmariadbclient.a: libssl/openssl/libssl.a
 	cd mariadb-client-library && rm -rf mariadb-connector-c-3.1.9-src
@@ -189,6 +190,9 @@ mariadb-client-library/mariadb_client/libmariadb/libmariadbclient.a: libssl/open
 	cd mariadb-client-library/mariadb_client && patch -p0 < ../client_deprecate_eof.patch
 	cd mariadb-client-library/mariadb_client && patch -p0 < ../cr_new_stmt_metadata_removal.patch
 	cd mariadb-client-library/mariadb_client && patch -p0 < ../ps_buffer_stmt_read_all_rows.patch
+ifeq ($(WITHASAN),1)
+	cd mariadb-client-library/mariadb_client && patch -p0 < ../mariadb_asan.patch
+endif
 	cd mariadb-client-library/mariadb_client && CC=${CC} CXX=${CXX} ${MAKE} mariadbclient
 # cd mariadb-client-library/mariadb_client/include && make my_config.h
 
diff --git a/lib/Makefile b/lib/Makefile
index e799ce8e5..1fd1c04ef 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -67,6 +67,15 @@ ODIR= obj
 #CXX=g++
 #CC=clang
 
+WITHASANVAR := $(shell echo $(WITHASAN))
+ifeq ($(WITHASANVAR),1)
+WASAN=-fsanitize=address
+# Force the disable of JEMALLOC, since ASAN isn't compatible.
+export NOJEMALLOC = 1
+else
+WASAN=
+endif
+
 #CFLAGS=$(IDIRS) $(OPTZ) $(DEBUG) -Wall #-lcrypto
 #CXXFLAGS=-std=c++11 $(CFLAGS) $(LDIRS) $(LIBS)
 NOJEMALLOC := $(shell echo $(NOJEMALLOC))
@@ -100,7 +109,7 @@ ifeq ($(UNAME_S),Darwin)
 endif
 
 
-MYCFLAGS=$(IDIRS) $(OPTZ) $(DEBUG) -Wall -DGITVERSION=\"$(GIT_VERSION)\" $(NOJEM) $(WGCOV)
+MYCFLAGS=$(IDIRS) $(OPTZ) $(DEBUG) -Wall -DGITVERSION=\"$(GIT_VERSION)\" $(NOJEM) $(WGCOV) $(WASAN)
 MYCXXFLAGS=-std=c++11 $(MYCFLAGS) $(PSQLCH)
 
 default: libproxysql.a
diff --git a/src/Makefile b/src/Makefile
index 48a860138..c0617045e 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -100,12 +100,25 @@ else
 WGCOV=
 endif
 
-MYCXXFLAGS=-std=c++11 $(IDIRS) $(OPTZ) $(DEBUG) $(PSQLCH) -DGITVERSION=\"$(GIT_VERSION)\" $(WGCOV)
+WITHASANVAR := $(shell echo $(WITHASAN))
+ifeq ($(WITHASANVAR),1)
+WASAN= -fsanitize=address
+# Force the disable of JEMALLOC, since ASAN isn't compatible.
+export NOJEMALLOC = 1
+else
+WASAN=
+endif
+
+MYCXXFLAGS=-std=c++11 $(IDIRS) $(OPTZ) $(DEBUG) $(PSQLCH) -DGITVERSION=\"$(GIT_VERSION)\" $(WGCOV) $(WASAN)
 
 ifeq ($(WITHGCOVVAR),1)
 LDFLAGS+= -lgcov --coverage
 endif
 
+ifeq ($(WITHASANVAR),1)
+LDFLAGS+= -fsanitize=address
+endif
+
 NOJEMALLOC := $(shell echo $(NOJEMALLOC))
 ifeq ($(NOJEMALLOC),1)
 MYLIBS=-Wl,--export-dynamic -Wl,-Bstatic -lconfig -lproxysql -ldaemon -lconfig++ -lre2 -lpcrecpp -lpcre -lmariadbclient -lhttpserver -lmicrohttpd -linjection -lcurl -lssl -lcrypto -lev -Wl,-Bdynamic -lgnutls -lpthread -lm -lz -lrt -lprometheus-cpp-pull -lprometheus-cpp-core $(EXTRALINK)
diff --git a/test/tap/tests/Makefile b/test/tap/tests/Makefile
index 9993439c6..8fd2e2de1 100644
--- a/test/tap/tests/Makefile
+++ b/test/tap/tests/Makefile
@@ -73,7 +73,7 @@ OBJ=../../../src/obj/proxysql_global.o ../../../src/obj/main.o
 INCLUDEDIRS=-I../tap -I$(RE2_PATH) -I$(IDIR) -I$(JEMALLOC_IDIR) -I$(SQLITE3_DIR) -I$(MICROHTTPD_IDIR) -I$(LIBHTTPSERVER_IDIR) -I$(CURL_IDIR) -I$(DAEMONPATH_IDIR) -I$(MARIADB_IDIR) -I$(SSL_IDIR) -I$(JSON_IDIR) -I$(LIBCONFIG_IDIR) -I$(PROMETHEUS_IDIR) -I$(EV_IDIR)
 LDIRS=-L$(TAP_LIBDIR) -L$(LDIR) -L$(JEMALLOC_LDIR) $(LIBCONFIG_LDIR) -L$(RE2_PATH)/obj -L$(MARIADB_LDIR) -L$(DAEMONPATH_LDIR) -L$(PCRE_LDIR) -L$(MICROHTTPD_LDIR) -L$(LIBHTTPSERVER_LDIR) -L$(LIBINJECTION_LDIR) -L$(CURL_LDIR) -L$(EV_LDIR) -L$(SSL_LDIR) -L$(PROMETHEUS_LDIR)
 
-MYLIBS=-Wl,--export-dynamic -Wl,-Bstatic -lconfig -lproxysql -ldaemon -ljemalloc -lconfig++ -lre2 -lpcrecpp -lpcre -lmariadbclient -lhttpserver -lmicrohttpd -linjection -lcurl -lssl -lcrypto -lev -Wl,-Bdynamic -lgnutls -lpthread -lm -lz -lrt $(EXTRALINK) -lprometheus-cpp-pull -lprometheus-cpp-core
+MYLIBS=-Wl,--export-dynamic -Wl,-Bstatic -lconfig -ldaemon -ljemalloc -lconfig++ -lre2 -lpcrecpp -lpcre -lmariadbclient -lhttpserver -lmicrohttpd -linjection -lcurl -lssl -lcrypto -lev -Wl,-Bdynamic -lgnutls -lpthread -lm -lz -lrt $(EXTRALINK) -lprometheus-cpp-pull -lprometheus-cpp-core
 STATIC_LIBS= $(SSL_LDIR)/libssl.a $(SSL_LDIR)/libcrypto.a
 
 .PHONY: all
@@ -90,8 +90,15 @@ else
 WGCOV=
 endif
 
-OPT=-O2 $(WGCOV) -Wl,--no-as-needed
-debug: OPT=-O0 -DDEBUG $(WGCOV) -ggdb -Wl,--no-as-needed
+WITHASANVAR := $(shell echo $(WITHASAN))
+ifeq ($(WITHASANVAR),1)
+WASAN=-fsanitize=address
+else
+WASAN=
+endif
+
+OPT=-O2 -Wl,--no-as-needed
+debug: OPT=-O0 -DDEBUG -ggdb -Wl,--no-as-needed $(WGCOV) $(WASAN)
 debug: tests
 
 tests: $(patsubst %.cpp,%,$(wildcard *-t.cpp)) setparser_test
@@ -113,6 +120,9 @@ aurora: aurora.cpp $(TAP_LIBDIR)/libtap.a
 test_tokenizer-t: test_tokenizer-t.cpp $(TAP_LIBDIR)/libtap.a
 	g++ test_tokenizer-t.cpp $(INCLUDEDIRS) $(LDIRS) $(OPT) -std=c++11 $(MYLIBS) -lproxysql -ltap -Wl,--no-as-needed -ldl -lpthread -o test_tokenizer-t -DGITVERSION=\"$(GIT_VERSION)\"
 
+sqlite3-t: sqlite3-t.cpp $(TAP_LIBDIR)/libtap.a
+	g++ sqlite3-t.cpp $(INCLUDEDIRS) $(LDIRS) $(OPT) -std=c++11 -lproxysql $(MYLIBS) -ltap -Wl,--no-as-needed -ldl -lpthread -o sqlite3-t -DGITVERSION=\"$(GIT_VERSION)\"
+
 test_gtid_forwarding-t: test_gtid_forwarding-t.cpp $(TAP_LIBDIR)/libtap.a
 	g++ test_gtid_forwarding-t.cpp $(INCLUDEDIRS) $(LDIRS) $(OPT) -std=c++11 $(MYLIBS) -ltap -Wl,--no-as-needed -ldl -lpthread -o test_gtid_forwarding-t -DGITVERSION=\"$(GIT_VERSION)\"
 
@@ -126,4 +136,4 @@ test_set_collation-t: test_set_collation-t.cpp $(TAP_LIBDIR)/libtap.a
 	g++ test_set_collation-t.cpp $(INCLUDEDIRS) $(LDIRS) $(OPT) -std=c++11 $(MYLIBS) -ltap -Wl,--no-as-needed -ldl -lpthread -o test_set_collation-t -DGITVERSION=\"$(GIT_VERSION)\"
 
 setparser_test: setparser_test.cpp $(TAP_LIBDIR)/libtap.a $(RE2_PATH)/util/test.cc $(LDIR)/set_parser.cpp $(LIBPROXYSQLAR)
-	g++ -DDEBUG setparser_test.cpp $(RE2_PATH)/util/test.cc ../../../src/obj/proxysql_global.o $(INCLUDEDIRS) $(LDIRS) $(OPT) -std=c++11  $(MYLIBS) -ltap -ldl -lpthread -o setparser_test -DGITVERSION=\"$(GIT_VERSION)\"
+	g++ -DDEBUG setparser_test.cpp $(RE2_PATH)/util/test.cc ../../../src/obj/proxysql_global.o $(INCLUDEDIRS) $(LDIRS) $(OPT) -std=c++11 -lproxysql $(MYLIBS) -ltap -ldl -lpthread $(WASAN) -o setparser_test -DGITVERSION=\"$(GIT_VERSION)\"

From 20d5e6efff0a2cd90d759a260a4db4ed009dd473 Mon Sep 17 00:00:00 2001
From: thiagosantosleite <thiagosantosleite@yahoo.com.br>
Date: Wed, 18 Aug 2021 13:58:56 -0300
Subject: [PATCH 02/14] removing the temporary Dirty patch

---
 .../deb-compliant/entrypoint/entrypoint.bash         |  6 ------
 .../rhel-compliant/entrypoint/entrypoint.bash        | 12 ------------
 2 files changed, 18 deletions(-)

diff --git a/docker/images/proxysql/deb-compliant/entrypoint/entrypoint.bash b/docker/images/proxysql/deb-compliant/entrypoint/entrypoint.bash
index 57920d9ca..d241c6a46 100755
--- a/docker/images/proxysql/deb-compliant/entrypoint/entrypoint.bash
+++ b/docker/images/proxysql/deb-compliant/entrypoint/entrypoint.bash
@@ -7,12 +7,6 @@ ARCH=$PROXYSQL_BUILD_ARCH
 
 echo "==> $ARCH architecture detected for package"
 
-# Dirty patch to ensure OS deps are installed:
-apt-get update
-apt-get -y install gnutls-dev || true
-apt-get -y install libgnutls28-dev || true
-apt-get -y install libtool || true
-
 # Delete package if exists
 rm -f "/opt/proxysql/binaries/proxysql_${CURVER}-${PKG_RELEASE}_$ARCH.deb" || true
 # Cleanup relic directories from a previously failed build
diff --git a/docker/images/proxysql/rhel-compliant/entrypoint/entrypoint.bash b/docker/images/proxysql/rhel-compliant/entrypoint/entrypoint.bash
index 8f4f9b358..406274747 100755
--- a/docker/images/proxysql/rhel-compliant/entrypoint/entrypoint.bash
+++ b/docker/images/proxysql/rhel-compliant/entrypoint/entrypoint.bash
@@ -7,18 +7,6 @@ env
 ARCH=$PROXYSQL_BUILD_ARCH
 echo "==> $ARCH architecture detected for package"
 
-echo "==> Dirty patching to ensure OS deps are installed"
-
-if [[ -f "/usr/bin/python" ]]  || [[ -h "/usr/bin/python" ]];
-then
-    echo "==> Installing dependancies for RHEL compliant version 7"
-    yum -y install gnutls-devel libtool || true
-else
-    echo "==> Installing dependancies for RHEL compliant version 8"
-    yum -y install python2 gnutls-devel libtool || true
-    ln -s /usr/bin/python2.7 /usr/bin/python || true
-fi
-
 echo "==> Cleaning"
 # Delete package if exists
 rm -f /opt/proxysql/binaries/proxysql-${CURVER}-1-${PKG_RELEASE}.$ARCH.rpm || true

From 0f8aa299ac9d8c4a10a21ae1e8be80f3d36cfd67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Thu, 19 Aug 2021 21:33:17 +0200
Subject: [PATCH 03/14] Fixed memory corruption reported by ASAN due to
 unexpected packet by 'mysqlsh' #3554

---
 lib/MySQL_Protocol.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp
index cad2d1c29..bf7e766f5 100644
--- a/lib/MySQL_Protocol.cpp
+++ b/lib/MySQL_Protocol.cpp
@@ -1618,6 +1618,15 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
 	//Copy4B(&hdr,pkt);
 	pkt     += sizeof(mysql_hdr);
 
+	// NOTE: 'mysqlsh' sends a 'COM_INIT_DB' as soon as the connection is openned
+	// before ProxySQL has sent 'Server Greeting' messsage. Because this packet is
+	// unexpected, we simple return 'false' and exit.
+	if (hdr.pkt_id == 0 && *pkt == 2) {
+		ret = false;
+		proxy_debug(PROXY_DEBUG_MYSQL_AUTH, 5, "Session=%p , DS=%p , user='%s' . Client is disconnecting\n", (*myds), (*myds)->sess, user);
+		goto __exit_process_pkt_handshake_response;
+	}
+
 	if ((*myds)->myconn->userinfo->username) {
 		(*myds)->switching_auth_stage=2;
 		if (len==5) {

From 58460bd323fae96afd0dc838618122d630167bf9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Thu, 19 Aug 2021 21:37:17 +0200
Subject: [PATCH 04/14] Fixed 'heap-buffer-overflow' detected by ASAN in
 'generate_show_fields_from' #3554

---
 lib/ProxySQL_Admin.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp
index ef20bdc7e..e29d97f31 100644
--- a/lib/ProxySQL_Admin.cpp
+++ b/lib/ProxySQL_Admin.cpp
@@ -3228,7 +3228,7 @@ bool ProxySQL_Admin::GenericRefreshStatistics(const char *query_no_space, unsign
 SQLite3_result * ProxySQL_Admin::generate_show_fields_from(const char *tablename, char **err) {
 	char *tn=NULL; // tablename
 	// note that tablename is passed with a trailing '
-	tn=(char *)malloc(strlen(tablename));
+	tn=(char *)malloc(strlen(tablename) + 1);
 	unsigned int i=0, j=0;
 	while (i<strlen(tablename)) {
 		if (tablename[i]!='\\' && tablename[i]!='`' && tablename[i]!='\'') {

From e86b0258825512186bcc19e6f1f6d206fd79e489 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Thu, 19 Aug 2021 21:39:42 +0200
Subject: [PATCH 05/14] Fixed memory leak detected by ASAN during 'PROXYSQL
 SHUTDOWN SLOW' #3554

---
 src/main.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main.cpp b/src/main.cpp
index 5df0cc98c..c00a189c7 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1114,6 +1114,7 @@ void ProxySQL_Main_join_all_threads() {
 	if (GloMyMon && MyMon_thread) {
 		cpu_timer t;
 		MyMon_thread->join();
+		delete MyMon_thread;
 		MyMon_thread = NULL;
 #ifdef DEBUG
 		std::cerr << "GloMyMon joined in ";

From fd9f3f13a3d99aa828ed9cd0625d87a9991dd486 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Thu, 19 Aug 2021 21:40:54 +0200
Subject: [PATCH 06/14] Fixed 'strcat-param-overlap' found by ASAN in
 'IsKeepMultiplexEnabledVariables' #3554

---
 lib/mysql_connection.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/mysql_connection.cpp b/lib/mysql_connection.cpp
index e1d6352af..699cc0d75 100644
--- a/lib/mysql_connection.cpp
+++ b/lib/mysql_connection.cpp
@@ -2254,7 +2254,11 @@ bool MySQL_Connection::IsKeepMultiplexEnabledVariables(char *query_digest_text)
 	}
 	while (query_digest_text_filter_select && (match = strcasestr(query_digest_text_filter_select,"@@"))) {
 		*match = '\0';
-		strcat(query_digest_text_filter_select, match+strlen("@@"));
+		if (strlen(query_digest_text_filter_select) == 0) {
+			memcpy(query_digest_text_filter_select, match, strlen("@@"));
+		} else {
+			strcat(query_digest_text_filter_select, match+strlen("@@"));
+		}
 	}
 
 	std::vector<char*>query_digest_text_filter_select_v;

From d271ef9613fdb0ff41278713cf2d1506170ba43a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Thu, 19 Aug 2021 21:47:16 +0200
Subject: [PATCH 07/14] Fixed 'stack-buffer-overflow' found by ASAN during SHA1
 generation #3554

---
 src/main.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main.cpp b/src/main.cpp
index c00a189c7..3f95abb57 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1710,7 +1710,7 @@ int main(int argc, const char * argv[]) {
 					SHA1(fb, statbuf.st_size, temp);
 					binary_sha1 = (char *)malloc(SHA_DIGEST_LENGTH*2+1);
 					memset(binary_sha1, 0, SHA_DIGEST_LENGTH*2+1);
-					char buf[SHA_DIGEST_LENGTH*2];
+					char buf[SHA_DIGEST_LENGTH*2 + 1];
 					for (int i=0; i < SHA_DIGEST_LENGTH; i++) {
 						sprintf((char*)&(buf[i*2]), "%02x", temp[i]);
 					}

From 59bd75be4546e1cba08ae87874699047bb6b88a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Thu, 19 Aug 2021 21:49:08 +0200
Subject: [PATCH 08/14] Fixed faulty check in 'test_firewall-t' preventing it
 from working in DEBUG mode #3554

---
 test/tap/tests/test_firewall-t.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/tap/tests/test_firewall-t.cpp b/test/tap/tests/test_firewall-t.cpp
index 70fbafbee..39ccf4bd6 100644
--- a/test/tap/tests/test_firewall-t.cpp
+++ b/test/tap/tests/test_firewall-t.cpp
@@ -59,7 +59,8 @@ int main(int argc, char** argv) {
 	
 	// Test that firewall initialized and blocks all queries
 	if (mysql_query(mysql, "select @@version")) {
-		ok(mysql_num_rows(result) == 0, "Any query should be blocked");
+		int myerrno = mysql_errno(mysql);
+		ok(myerrno == 1148, "Any query should be blocked");
 	}
 
 	// enable 'Select 1' query

From bf6e990fb39149fc24da8371f41c43203f025afa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?= <rene.cannao@gmail.com>
Date: Thu, 19 Aug 2021 22:38:25 +0200
Subject: [PATCH 09/14] Reenable code coverage for TAP tests

---
 test/tap/tests/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/tap/tests/Makefile b/test/tap/tests/Makefile
index 8fd2e2de1..99baf3268 100644
--- a/test/tap/tests/Makefile
+++ b/test/tap/tests/Makefile
@@ -85,7 +85,7 @@ clean:
 
 WITHGCOVVAR := $(shell echo $(WITHGCOV))
 ifeq ($(WITHGCOVVAR),1)
-WGCOV=-DWITHGCOV --coverage
+WGCOV=-DWITHGCOV --coverage -lgcov
 else
 WGCOV=
 endif
@@ -97,7 +97,7 @@ else
 WASAN=
 endif
 
-OPT=-O2 -Wl,--no-as-needed
+OPT=-O2 $(WGCOV) -Wl,--no-as-needed
 debug: OPT=-O0 -DDEBUG -ggdb -Wl,--no-as-needed $(WGCOV) $(WASAN)
 debug: tests
 

From 25df2289605e2a5763cf776bad57e3431eec39ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Fri, 20 Aug 2021 23:14:21 +0200
Subject: [PATCH 10/14] Fixed double-free memory corruption due to unitialized
 memory in prepared statements bind buffers #3546

---
 lib/MySQL_Protocol.cpp | 3 +++
 lib/MySQL_Session.cpp  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp
index 9a5072285..4bf68c9bd 100644
--- a/lib/MySQL_Protocol.cpp
+++ b/lib/MySQL_Protocol.cpp
@@ -2259,6 +2259,9 @@ stmt_execute_metadata_t * MySQL_Protocol::get_binds_from_pkt(void *ptr, unsigned
 				continue;
 			} else if (is_nulls[i]==true) {
 				// the parameter is NULL, no need to read any data from the packet
+				// NOTE: We nullify buffers here to reflect that memory wasn't
+				// initalized. See #3546.
+				binds[i].buffer = NULL;
 				continue;
 			}
 
diff --git a/lib/MySQL_Session.cpp b/lib/MySQL_Session.cpp
index dbc46b09f..b96526c20 100644
--- a/lib/MySQL_Session.cpp
+++ b/lib/MySQL_Session.cpp
@@ -3904,6 +3904,9 @@ void MySQL_Session::handler_rc0_PROCESSING_STMT_EXECUTE(MySQL_Data_Stream *myds)
 				(buffer_type == MYSQL_TYPE_DATETIME)
 			) {
 				free(CurrentQuery.stmt_meta->binds[i].buffer);
+				// NOTE: This memory should be zeroed during initialization,
+				// but we also nullify it here for extra safety. See #3546.
+				CurrentQuery.stmt_meta->binds[i].buffer = NULL;
 			}
 		}
 	}

From fda395c879ae0ea3a177511fb093ea1936f86dc5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Fri, 20 Aug 2021 23:16:04 +0200
Subject: [PATCH 11/14] Added regression for double-free memory corruption due
 to unitialized memory in prepared statements #3546

---
 .../reg_test_3546-stmt_empty_params-t.cpp     | 257 ++++++++++++++++++
 1 file changed, 257 insertions(+)
 create mode 100644 test/tap/tests/reg_test_3546-stmt_empty_params-t.cpp

diff --git a/test/tap/tests/reg_test_3546-stmt_empty_params-t.cpp b/test/tap/tests/reg_test_3546-stmt_empty_params-t.cpp
new file mode 100644
index 000000000..2f07ca164
--- /dev/null
+++ b/test/tap/tests/reg_test_3546-stmt_empty_params-t.cpp
@@ -0,0 +1,257 @@
+/**
+ * @file reg_test_3546-stmt_empty_params-t.cpp
+ * @brief This test is a regression test for exercising the code path that lead
+ *   to issue #3546. It's not meant to test a specific feature, but to server as
+ *   a regression test that should flag the issue under a memory analyzer.
+ * @details Memory corruption related to #3546 was double-free provoqued when a
+ *   prepared statement with param of types ['MYSQL_TYPE_DATE'|'MYSQL_TYPE_TIMESTAMP'|'MYSQL_TYPE_DATETIME'|'MYSQL_TYPE_TIME'],
+ *   was prepared and a later prepared  with 'NULL' parameters. Because the memory
+ *   for the buffered was not zeroed neither at initialization or during the later
+ *   `free` a corruption takes place during the second execution.
+ */
+
+#include <iostream>
+#include <chrono>
+#include <ctime>
+#include <cstring>
+#include <unistd.h>
+#include <time.h>
+#include <vector>
+#include <string>
+#include <stdio.h>
+
+#include <mysql.h>
+#include <mysql/mysqld_error.h>
+
+#include "proxysql_utils.h"
+#include "tap.h"
+#include "command_line.h"
+#include "utils.h"
+#include "errno.h"
+
+/**
+ * @brief String size of the columns created for the testing table.
+ */
+const int STRING_SIZE=32;
+/**
+ * @brief Number of iterations to perform.
+ */
+const uint32_t ITERATIONS = 100;
+/**
+ * @brief Id for the current writer hostgroup.
+ */
+const uint32_t WRITER_HOSTGROUP_ID = 0;
+
+int prepare_stmt(
+	MYSQL* proxysql_mysql, MYSQL_STMT* stmt, MYSQL_TIME* ts, my_bool* is_null
+) {
+	int res = EXIT_SUCCESS;
+	std::string query {
+		"SELECT /*+ ;hostgroup=0 */ id,c1,c2 FROM test.reg_test_3546 WHERE date IN (?)"
+	};
+
+	if (mysql_stmt_prepare(stmt, query.c_str(), strlen(query.c_str()))) {
+		diag("mysql_stmt_prepare at line %d failed: %s", __LINE__ , mysql_error(proxysql_mysql));
+		mysql_close(proxysql_mysql);
+		res = EXIT_FAILURE;
+		goto exit;
+	}
+
+	MYSQL_BIND bind_params;
+
+	memset(&bind_params, 0, sizeof(MYSQL_BIND));
+	bind_params.buffer_type= MYSQL_TYPE_DATE;
+	bind_params.buffer= ts;
+	bind_params.is_null= is_null;
+	bind_params.length= 0;
+
+	if (mysql_stmt_bind_param(stmt, &bind_params)) {
+		diag(
+			"mysql_stmt_bind_result at line %d failed: %s", __LINE__ ,
+			mysql_stmt_error(stmt)
+		);
+		res = EXIT_FAILURE;
+		goto exit;
+	}
+
+exit:
+	return res;
+}
+
+int main(int argc, char** argv) {
+
+	CommandLine cl;
+
+	plan(ITERATIONS);
+
+	if (cl.getEnv()) {
+		diag("Failed to get the required environmental variables.");
+		return -1;
+	}
+
+	MYSQL_STMT* stmt_param = nullptr;
+	MYSQL* proxysql_mysql = mysql_init(NULL);
+	MYSQL* proxysql_admin = mysql_init(NULL);
+
+	if (!mysql_real_connect(proxysql_mysql, cl.host, cl.username, cl.password, NULL, cl.port, NULL, 0)) {
+		fprintf(stderr, "File %s, line %d, Error: %s\n", __FILE__, __LINE__, mysql_error(proxysql_mysql));
+		return -1;
+	}
+
+	if (!mysql_real_connect(proxysql_admin, cl.host, cl.admin_username, cl.admin_password, NULL, cl.admin_port, NULL, 0)) {
+		fprintf(stderr, "File %s, line %d, Error: %s\n", __FILE__, __LINE__, mysql_error(proxysql_admin));
+		return -1;
+	}
+
+	stmt_param = mysql_stmt_init(proxysql_mysql);
+	if (!stmt_param) {
+		diag("mysql_stmt_init(), out of memory");
+		goto exit;
+	}
+
+	// Insert the row to be queried with the prepared statement.
+	// *************************************************************************
+	MYSQL_QUERY(proxysql_mysql, "CREATE DATABASE IF NOT EXISTS test");
+	MYSQL_QUERY(proxysql_mysql, "DROP TABLE IF EXISTS test.reg_test_3546");
+	MYSQL_QUERY(
+		proxysql_mysql,
+		"CREATE TABLE IF NOT EXISTS test.reg_test_3546"
+		" (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, `c1` BIGINT, `c2` varchar(32), `date` DATE)"
+	);
+	MYSQL_QUERY(proxysql_mysql, "INSERT INTO test.reg_test_3546(c1, c2, date) VALUES (100, 'abcde', '2009-01-01')");
+	mysql_close(proxysql_mysql);
+
+	// *************************************************************************
+
+	// Initialize the connection again
+	proxysql_mysql = mysql_init(NULL);
+
+	if (!mysql_real_connect(proxysql_mysql, cl.host, cl.username, cl.password, NULL, cl.port, NULL, 0)) {
+		fprintf(stderr, "File %s, line %d, Error: %s\n", __FILE__, __LINE__, mysql_error(proxysql_mysql));
+		return -1;
+	}
+
+	{
+		// Set the number of maximum connections for servers in the writer hostgroup
+		std::string t_update_mysql_servers {
+			"UPDATE mysql_servers SET max_connections=1 WHERE hostgroup_id=%d"
+		};
+		std::string update_mysql_queries {};
+		string_format(t_update_mysql_servers, update_mysql_queries, WRITER_HOSTGROUP_ID);
+		MYSQL_QUERY(proxysql_admin, update_mysql_queries.c_str());
+		MYSQL_QUERY(proxysql_admin, "LOAD MYSQL SERVERS TO RUNTIME");
+
+		MYSQL_TIME ts;
+		char data_param[STRING_SIZE] = {};
+		my_bool is_null = 0;
+
+		if (prepare_stmt(proxysql_mysql, stmt_param, &ts, &is_null)) {
+			diag("'prepare_stmt' at line %d failed", __LINE__);
+			goto exit;
+		}
+
+		// Prepare parameters
+		ts.year = 2009;
+		ts.month = 1;
+		ts.day = 1;
+
+		for (uint32_t i = 0; i < ITERATIONS; i++) {
+			if (i % 2) {
+				is_null = 0;
+			} else {
+				is_null = 1;
+			}
+
+			if (mysql_stmt_execute(stmt_param)) {
+				diag(
+					"'mysql_stmt_execute' at line %d failed: %s", __LINE__ ,
+					mysql_stmt_error(stmt_param)
+				);
+				goto exit;
+			}
+
+			MYSQL_BIND bind[3];
+			memset(bind, 0, sizeof(bind));
+
+			int data_id = 0;
+			int64_t data_c1 = 0;
+			char data_c2[STRING_SIZE] { 0 };
+			char is_null[3] { 0 };
+			long unsigned int length[3] { 0 };
+			char error[3] { 0 };
+
+			bind[0].buffer_type = MYSQL_TYPE_LONG;
+			bind[0].buffer = (char *)&data_id;
+			bind[0].buffer_length = sizeof(int);
+			bind[0].is_null = &is_null[0];
+			bind[0].length = &length[0];
+
+			bind[1].buffer_type = MYSQL_TYPE_LONGLONG;
+			bind[1].buffer = (char *)&data_c1;
+			bind[1].buffer_length = sizeof(int64_t);
+			bind[1].is_null = &is_null[1];
+			bind[1].length = &length[1];
+
+			bind[2].buffer_type = MYSQL_TYPE_STRING;
+			bind[2].buffer = (char *)&data_c2;
+			bind[2].buffer_length = STRING_SIZE;
+			bind[2].is_null = &is_null[2];
+			bind[2].length = &length[2];
+			bind[2].error = &error[2];
+
+			if (mysql_stmt_bind_result(stmt_param, bind)) {
+				diag(
+					"mysql_stmt_bind_result at line %d failed: %s", __LINE__,
+					mysql_stmt_error(stmt_param)
+				);
+				goto exit;
+			}
+
+			int fetch_result = mysql_stmt_fetch(stmt_param);
+			if (fetch_result == 1) {
+				diag(
+					"mysql_stmt_fetch at line %d failed: %s", __LINE__,
+					mysql_stmt_error(stmt_param)
+				);
+				goto exit;
+			}
+
+			if (i % 2) {
+				bool data_match_expected =
+					(data_id == static_cast<int64_t>(1)) &&
+					(data_c1 == static_cast<int64_t>(100)) &&
+					(strcmp(data_c2, "abcde") == 0);
+
+				ok(
+					data_match_expected,
+					"Prepared statement SELECT result *SHOULD* match expected -"
+					" Exp=(id:1, c1:100, c2:'abcde'), Act=(id:%d, c1:%ld, c2:'%s')",
+					data_id,
+					data_c1,
+					data_c2
+				);
+			} else {
+				bool data_match_expected =
+					(data_id == static_cast<int64_t>(0)) &&
+					(data_c1 == static_cast<int64_t>(0)) &&
+					(strcmp(data_c2, "") == 0);
+
+				ok(
+					data_match_expected,
+					"Prepared statement SELECT result *SHOULD* match expected -"
+					" Exp=(id:0, c1:0, c2:''), Act=(id:%d, c1:%ld, c2:'%s')",
+					data_id,
+					data_c1,
+					data_c2
+				);
+			}
+		}
+	}
+
+exit:
+	if (stmt_param) { mysql_stmt_close(stmt_param); }
+	mysql_close(proxysql_mysql);
+	mysql_close(proxysql_admin);
+
+	return exit_status();
+}

From 57f6af71328636aff7efa1a757eb087111f269b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?= <rene.cannao@gmail.com>
Date: Mon, 23 Aug 2021 12:35:18 +0200
Subject: [PATCH 12/14] Add more verbosity when mysql_real_connect() fails

Error log will now shows also the hostgroup id of the server the
connection failed to
---
 lib/mysql_connection.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/mysql_connection.cpp b/lib/mysql_connection.cpp
index 73550c517..cde305ae9 100644
--- a/lib/mysql_connection.cpp
+++ b/lib/mysql_connection.cpp
@@ -1012,7 +1012,7 @@ handler_again:
 			}
 			if (!ret_mysql) {
 				// always increase the counter
-				proxy_error("Failed to mysql_real_connect() on %s:%d , FD (Conn:%d , MyDS:%d) , %d: %s.\n", parent->address, parent->port, mysql->net.fd , myds->fd, mysql_errno(mysql), mysql_error(mysql));
+				proxy_error("Failed to mysql_real_connect() on %u:%s:%d , FD (Conn:%d , MyDS:%d) , %d: %s.\n", parent->myhgc->hid, parent->address, parent->port, mysql->net.fd , myds->fd, mysql_errno(mysql), mysql_error(mysql));
     		NEXT_IMMEDIATE(ASYNC_CONNECT_FAILED);
 			} else {
     		NEXT_IMMEDIATE(ASYNC_CONNECT_SUCCESSFUL);

From 7762dea9937f4da338626028eccb16b6b312035d Mon Sep 17 00:00:00 2001
From: Hormoz K <hkheradm@gmail.com>
Date: Thu, 19 Aug 2021 11:01:00 -0400
Subject: [PATCH 13/14] add crl, crlpath, and capath options

---
 include/MySQL_Thread.h     |  3 ++
 include/proxysql_structs.h |  6 +++
 lib/MySQL_Monitor.cpp      |  9 +++-
 lib/MySQL_Thread.cpp       | 90 ++++++++++++++++++++++++++++++++++++++
 lib/mysql_connection.cpp   |  9 +++-
 5 files changed, 115 insertions(+), 2 deletions(-)

diff --git a/include/MySQL_Thread.h b/include/MySQL_Thread.h
index 4afa51740..35d3e2f18 100644
--- a/include/MySQL_Thread.h
+++ b/include/MySQL_Thread.h
@@ -522,9 +522,12 @@ class MySQL_Threads_Handler
 		int auditlog_filesize;
 		// SSL related, proxy to server
 		char * ssl_p2s_ca;
+		char * ssl_p2s_capath;
 		char * ssl_p2s_cert;
 		char * ssl_p2s_key;
 		char * ssl_p2s_cipher;
+		char * ssl_p2s_crl;
+		char * ssl_p2s_crlpath;
 		int query_cache_size_MB;
 		int min_num_servers_lantency_awareness;
 		int aurora_max_lag_ms_only_read_from_replicas;
diff --git a/include/proxysql_structs.h b/include/proxysql_structs.h
index 57a47eb81..32dc9510f 100644
--- a/include/proxysql_structs.h
+++ b/include/proxysql_structs.h
@@ -805,9 +805,12 @@ __thread int mysql_thread___query_cache_size_MB;
 
 /* variables used for SSL , from proxy to server (p2s) */
 __thread char * mysql_thread___ssl_p2s_ca;
+__thread char * mysql_thread___ssl_p2s_capath;
 __thread char * mysql_thread___ssl_p2s_cert;
 __thread char * mysql_thread___ssl_p2s_key;
 __thread char * mysql_thread___ssl_p2s_cipher;
+__thread char * mysql_thread___ssl_p2s_crl;
+__thread char * mysql_thread___ssl_p2s_crlpath;
 
 /* variables used by events log */
 __thread char * mysql_thread___eventslog_filename;
@@ -957,9 +960,12 @@ extern __thread int mysql_thread___query_cache_size_MB;
 
 /* variables used for SSL , from proxy to server (p2s) */
 extern __thread char * mysql_thread___ssl_p2s_ca;
+extern __thread char * mysql_thread___ssl_p2s_capath;
 extern __thread char * mysql_thread___ssl_p2s_cert;
 extern __thread char * mysql_thread___ssl_p2s_key;
 extern __thread char * mysql_thread___ssl_p2s_cipher;
+extern __thread char * mysql_thread___ssl_p2s_crl;
+extern __thread char * mysql_thread___ssl_p2s_crlpath;
 
 /* variables used by events log */
 extern __thread char * mysql_thread___eventslog_filename;
diff --git a/lib/MySQL_Monitor.cpp b/lib/MySQL_Monitor.cpp
index 7a38996d5..7120e177b 100644
--- a/lib/MySQL_Monitor.cpp
+++ b/lib/MySQL_Monitor.cpp
@@ -1084,7 +1084,14 @@ bool MySQL_Monitor_State_Data::create_new_connection() {
 		mysql=mysql_init(NULL);
 		assert(mysql);
 		if (use_ssl) {
-			mysql_ssl_set(mysql, mysql_thread___ssl_p2s_key, mysql_thread___ssl_p2s_cert, mysql_thread___ssl_p2s_ca, NULL, mysql_thread___ssl_p2s_cipher);
+			mysql_ssl_set(mysql,
+					mysql_thread___ssl_p2s_key,
+					mysql_thread___ssl_p2s_cert,
+					mysql_thread___ssl_p2s_ca,
+					mysql_thread___ssl_p2s_capath,
+					mysql_thread___ssl_p2s_cipher);
+			mysql_options(mysql, MYSQL_OPT_SSL_CRL, mysql_thread___ssl_p2s_crl);
+			mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, mysql_thread___ssl_p2s_crlpath);
 		}
 		unsigned int timeout=mysql_thread___monitor_connect_timeout/1000;
 		if (timeout==0) timeout=1;
diff --git a/lib/MySQL_Thread.cpp b/lib/MySQL_Thread.cpp
index ce8a25382..c9047d9c9 100644
--- a/lib/MySQL_Thread.cpp
+++ b/lib/MySQL_Thread.cpp
@@ -539,9 +539,12 @@ static char * mysql_thread_variables_names[]= {
 	(char *)"session_debug",
 #endif /* DEBUG */
 	(char *)"ssl_p2s_ca",
+	(char *)"ssl_p2s_capath",
 	(char *)"ssl_p2s_cert",
 	(char *)"ssl_p2s_key",
 	(char *)"ssl_p2s_cipher",
+	(char *)"ssl_p2s_crl",
+	(char *)"ssl_p2s_crlpath",
 	(char *)"stacksize",
 	(char *)"threads",
 	(char *)"init_connect",
@@ -1151,9 +1154,12 @@ MySQL_Threads_Handler::MySQL_Threads_Handler() {
 	variables.servers_stats=true;
 	variables.default_reconnect=true;
 	variables.ssl_p2s_ca=NULL;
+	variables.ssl_p2s_capath=NULL;
 	variables.ssl_p2s_cert=NULL;
 	variables.ssl_p2s_key=NULL;
 	variables.ssl_p2s_cipher=NULL;
+	variables.ssl_p2s_crl=NULL;
+	variables.ssl_p2s_crlpath=NULL;
 	variables.keep_multiplexing_variables=strdup((char *)"tx_isolation,version");
 #ifdef DEBUG
 	variables.session_debug=true;
@@ -1276,6 +1282,13 @@ char * MySQL_Threads_Handler::get_variable_string(char *name) {
 				return strdup(variables.ssl_p2s_cert);
 			}
 		}
+		if (!strcmp(name,"ssl_p2_capath")) {
+			if (variables.ssl_p2_capath==NULL || strlen(variables.ssl_p2_capath)==0) {
+				return NULL;
+			} else {
+				return strdup(variables.ssl_p2_capath);
+			}
+		}
 		if (!strcmp(name,"ssl_p2s_key")) {
 			if (variables.ssl_p2s_key==NULL || strlen(variables.ssl_p2s_key)==0) {
 				return NULL;
@@ -1290,6 +1303,20 @@ char * MySQL_Threads_Handler::get_variable_string(char *name) {
 				return strdup(variables.ssl_p2s_cipher);
 			}
 		}
+		if (!strcmp(name,"ssl_p2s_crl")) {
+			if (variables.ssl_p2s_crl==NULL || strlen(variables.ssl_p2s_crl)==0) {
+				return NULL;
+			} else {
+				return strdup(variables.ssl_p2s_crl);
+			}
+		}
+		if (!strcmp(name,"ssl_p2s_crlpath")) {
+			if (variables.ssl_p2s_crlpath==NULL || strlen(variables.ssl_p2s_crlpath)==0) {
+				return NULL;
+			} else {
+				return strdup(variables.ssl_p2s_crlpath);
+			}
+		}
 	}
 	if (!strcmp(name,"firewall_whitelist_errormsg")) {
 		if (variables.firewall_whitelist_errormsg==NULL || strlen(variables.firewall_whitelist_errormsg)==0) {
@@ -1500,6 +1527,13 @@ char * MySQL_Threads_Handler::get_variable(char *name) {	// this is the public f
 				return strdup(variables.ssl_p2s_ca);
 			}
 		}
+		if (!strcasecmp(name,"ssl_p2s_capath")) {
+			if (variables.ssl_p2s_capath==NULL || strlen(variables.ssl_p2s_capath)==0) {
+				return NULL;
+			} else {
+				return strdup(variables.ssl_p2s_capath);
+			}
+		}
 		if (!strcasecmp(name,"ssl_p2s_cert")) {
 			if (variables.ssl_p2s_cert==NULL || strlen(variables.ssl_p2s_cert)==0) {
 				return NULL;
@@ -1521,6 +1555,20 @@ char * MySQL_Threads_Handler::get_variable(char *name) {	// this is the public f
 				return strdup(variables.ssl_p2s_cipher);
 			}
 		}
+		if (!strcasecmp(name,"ssl_p2s_crl")) {
+			if (variables.ssl_p2s_crl==NULL || strlen(variables.ssl_p2s_crl)==0) {
+				return NULL;
+			} else {
+				return strdup(variables.ssl_p2s_crl);
+			}
+		}
+		if (!strcasecmp(name,"ssl_p2s_crlpath")) {
+			if (variables.ssl_p2s_crlpath==NULL || strlen(variables.ssl_p2s_crlpath)==0) {
+				return NULL;
+			} else {
+				return strdup(variables.ssl_p2s_crlpath);
+			}
+		}
 	}
 	// monitor variables
 	if (!strncasecmp(name,"monitor_",8)) {
@@ -1821,6 +1869,15 @@ bool MySQL_Threads_Handler::set_variable(char *name, const char *value) {	// thi
 		}
 		return true;
 	}
+	if (!strcasecmp(name,"ssl_p2s_capath")) {
+		if (variables.ssl_p2s_capath) free(variables.ssl_p2s_capath);
+		variables.ssl_p2s_capath=NULL;
+		if (vallen) {
+			if (strcmp(value,"(null)"))
+				variables.ssl_p2s_capath=strdup(value);
+		}
+		return true;
+	}
 	if (!strcasecmp(name,"ssl_p2s_cert")) {
 		if (variables.ssl_p2s_cert) free(variables.ssl_p2s_cert);
 		variables.ssl_p2s_cert=NULL;
@@ -1848,6 +1905,24 @@ bool MySQL_Threads_Handler::set_variable(char *name, const char *value) {	// thi
 		}
 		return true;
 	}
+	if (!strcasecmp(name,"ssl_p2s_crl")) {
+		if (variables.ssl_p2s_crl) free(variables.ssl_p2s_crl);
+		variables.ssl_p2s_crl=NULL;
+		if (vallen) {
+			if (strcmp(value,"(null)"))
+				variables.ssl_p2s_crl=strdup(value);
+		}
+		return true;
+	}
+	if (!strcasecmp(name,"ssl_p2s_crlpath")) {
+		if (variables.ssl_p2s_crlpath) free(variables.ssl_p2s_crlpath);
+		variables.ssl_p2s_crlpath=NULL;
+		if (vallen) {
+			if (strcmp(value,"(null)"))
+				variables.ssl_p2s_crlpath=strdup(value);
+		}
+		return true;
+	}
 
 	if (!strcasecmp(name,"auditlog_filename")) {
                 if (value[strlen(value) - 1] == '/') {
@@ -2317,9 +2392,12 @@ MySQL_Threads_Handler::~MySQL_Threads_Handler() {
 	if (variables.eventslog_filename) free(variables.eventslog_filename);
 	if (variables.auditlog_filename) free(variables.auditlog_filename);
 	if (variables.ssl_p2s_ca) free(variables.ssl_p2s_ca);
+	if (variables.ssl_p2s_capath) free(variables.ssl_p2s_capath);
 	if (variables.ssl_p2s_cert) free(variables.ssl_p2s_cert);
 	if (variables.ssl_p2s_key) free(variables.ssl_p2s_key);
 	if (variables.ssl_p2s_cipher) free(variables.ssl_p2s_cipher);
+	if (variables.ssl_p2s_crl) free(variables.ssl_p2s_crl);
+	if (variables.ssl_p2s_crlpath) free(variables.ssl_p2s_crlpath);
 	for (int i=0; i<SQL_NAME_LAST; i++) {
 		if (variables.default_variables[i]) {
 			free(variables.default_variables[i]);
@@ -2452,9 +2530,12 @@ MySQL_Thread::~MySQL_Thread() {
 	if (mysql_thread___eventslog_filename) { free(mysql_thread___eventslog_filename); mysql_thread___eventslog_filename=NULL; }
 	if (mysql_thread___auditlog_filename) { free(mysql_thread___auditlog_filename); mysql_thread___auditlog_filename=NULL; }
 	if (mysql_thread___ssl_p2s_ca) { free(mysql_thread___ssl_p2s_ca); mysql_thread___ssl_p2s_ca=NULL; }
+	if (mysql_thread___ssl_p2s_capath) { free(mysql_thread___ssl_p2s_capath); mysql_thread___ssl_p2s_capath=NULL; }
 	if (mysql_thread___ssl_p2s_cert) { free(mysql_thread___ssl_p2s_cert); mysql_thread___ssl_p2s_cert=NULL; }
 	if (mysql_thread___ssl_p2s_key) { free(mysql_thread___ssl_p2s_key); mysql_thread___ssl_p2s_key=NULL; }
 	if (mysql_thread___ssl_p2s_cipher) { free(mysql_thread___ssl_p2s_cipher); mysql_thread___ssl_p2s_cipher=NULL; }
+	if (mysql_thread___ssl_p2s_crl) { free(mysql_thread___ssl_p2s_crl); mysql_thread___ssl_p2s_crl=NULL; }
+	if (mysql_thread___ssl_p2s_crlpath) { free(mysql_thread___ssl_p2s_crlpath); mysql_thread___ssl_p2s_crlpath=NULL; }
 
 
 	if (match_regexes) {
@@ -3556,12 +3637,18 @@ void MySQL_Thread::refresh_variables() {
 	// SSL proxy to server
 	if (mysql_thread___ssl_p2s_ca) free(mysql_thread___ssl_p2s_ca);
 	mysql_thread___ssl_p2s_ca=GloMTH->get_variable_string((char *)"ssl_p2s_ca");
+	if (mysql_thread___ssl_p2s_capath) free(mysql_thread___ssl_p2s_capath);
+	mysql_thread___ssl_p2s_capath=GloMTH->get_variable_string((char *)"ssl_p2s_ca");
 	if (mysql_thread___ssl_p2s_cert) free(mysql_thread___ssl_p2s_cert);
 	mysql_thread___ssl_p2s_cert=GloMTH->get_variable_string((char *)"ssl_p2s_cert");
 	if (mysql_thread___ssl_p2s_key) free(mysql_thread___ssl_p2s_key);
 	mysql_thread___ssl_p2s_key=GloMTH->get_variable_string((char *)"ssl_p2s_key");
 	if (mysql_thread___ssl_p2s_cipher) free(mysql_thread___ssl_p2s_cipher);
 	mysql_thread___ssl_p2s_cipher=GloMTH->get_variable_string((char *)"ssl_p2s_cipher");
+	if (mysql_thread___ssl_p2s_crl) free(mysql_thread___ssl_p2s_crl);
+	mysql_thread___ssl_p2s_crl=GloMTH->get_variable_string((char *)"ssl_p2s_crl");
+	if (mysql_thread___ssl_p2s_crlpath) free(mysql_thread___ssl_p2s_crlpath);
+	mysql_thread___ssl_p2s_crlpath=GloMTH->get_variable_string((char *)"ssl_p2s_crlpath");
 
 	mysql_thread___monitor_wait_timeout=(bool)GloMTH->get_variable_int((char *)"monitor_wait_timeout");
 	mysql_thread___monitor_writer_is_also_reader=(bool)GloMTH->get_variable_int((char *)"monitor_writer_is_also_reader");
@@ -3709,9 +3796,12 @@ MySQL_Thread::MySQL_Thread() {
 
 	// SSL proxy to server
 	mysql_thread___ssl_p2s_ca=NULL;
+	mysql_thread___ssl_p2s_capath=NULL;
 	mysql_thread___ssl_p2s_cert=NULL;
 	mysql_thread___ssl_p2s_key=NULL;
 	mysql_thread___ssl_p2s_cipher=NULL;
+	mysql_thread___ssl_p2s_crl=NULL;
+	mysql_thread___ssl_p2s_crlpath=NULL;
 
 	last_maintenance_time=0;
 	maintenance_loop=true;
diff --git a/lib/mysql_connection.cpp b/lib/mysql_connection.cpp
index 73550c517..bcbf5eac3 100644
--- a/lib/mysql_connection.cpp
+++ b/lib/mysql_connection.cpp
@@ -659,7 +659,14 @@ void MySQL_Connection::connect_start() {
 		mysql_options4(mysql, MYSQL_OPT_CONNECT_ATTR_ADD, "mysql_bug_102266", "Avoid MySQL bug https://bugs.mysql.com/bug.php?id=102266 , https://github.com/sysown/proxysql/issues/3276");
 	}
 	if (parent->use_ssl) {
-		mysql_ssl_set(mysql, mysql_thread___ssl_p2s_key, mysql_thread___ssl_p2s_cert, mysql_thread___ssl_p2s_ca, NULL, mysql_thread___ssl_p2s_cipher);
+		mysql_ssl_set(mysql,
+				mysql_thread___ssl_p2s_key,
+				mysql_thread___ssl_p2s_cert,
+				mysql_thread___ssl_p2s_ca,
+				mysql_thread___ssl_p2s_capath,
+				mysql_thread___ssl_p2s_cipher);
+		mysql_options(mysql, MYSQL_OPT_SSL_CRL, mysql_thread___ssl_p2s_crl);
+		mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, mysql_thread___ssl_p2s_crlpath);
 	}
 	unsigned int timeout= 1;
 	const char *csname = NULL;

From 8126c7d037074a169fb182d60e7b6d07c41feaa3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?= <rene.cannao@gmail.com>
Date: Tue, 24 Aug 2021 15:51:04 +0200
Subject: [PATCH 14/14] Fix typo ssl_p2_capath instead of ssl_p2s_capath

---
 lib/MySQL_Thread.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/MySQL_Thread.cpp b/lib/MySQL_Thread.cpp
index c9047d9c9..4c406d10d 100644
--- a/lib/MySQL_Thread.cpp
+++ b/lib/MySQL_Thread.cpp
@@ -1282,11 +1282,11 @@ char * MySQL_Threads_Handler::get_variable_string(char *name) {
 				return strdup(variables.ssl_p2s_cert);
 			}
 		}
-		if (!strcmp(name,"ssl_p2_capath")) {
-			if (variables.ssl_p2_capath==NULL || strlen(variables.ssl_p2_capath)==0) {
+		if (!strcmp(name,"ssl_p2s_capath")) {
+			if (variables.ssl_p2s_capath==NULL || strlen(variables.ssl_p2s_capath)==0) {
 				return NULL;
 			} else {
-				return strdup(variables.ssl_p2_capath);
+				return strdup(variables.ssl_p2s_capath);
 			}
 		}
 		if (!strcmp(name,"ssl_p2s_key")) {