On 12/03/2014 12:29, Rainer Jung wrote: > On 12.03.2014 11:37, Jim Jagielski wrote: >> At the very least, upgrading from 2.4.7 to 2.4.8 should not >> cause this much pain. I will let the vote run a bit more to >> gauge additional feedback, but my sense says that 2.4.8 >> will likely be revoked/dropped and 2.4.9 will be proposed >> which either (1) removes r1573360 or (2) fixes this bug. > > Agreed, if it were only about 1.0.1e vs. 1.0.1f it would be not that big > an issue but since all Major versions seem to show the behavior and > there's no easy workaround for 0.9.8 except upgrading to 1.x, I'd say we > should implement the workaround suggested by Steve. >
Applied to trunk as r1576741. I've tried to keep the changes to the absolute minimum. I've tested OpenSSL 0.9.8y without this change and can reproduce the crash. It doesn't crash with this fix. Steve. -- Dr Stephen Henson. OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 +1 877-673-6775 shen...@opensslfoundation.com
