Commit 989d87cb1a174a951efd829ff6b2f68a322f9df8 for 1.0.1 was improved
shortly afterwards by commit dac3654e2d89d43807e7b8e4b9da86ae1d33fe2b. It
changed "s->s3->wnum < INT_MAX" to "s->s3->wnum <= INT_MAX" (lower than or
equal to instead of lower than).

The backports to 1.0.0 and 0.9.8 only contained the first commit, not
the second, so 1.0.1 allows lower than or equal to INT_MAX, but 0.9.8 and
1.0.0 only allow lower than INT_MAX.

Patch (1.0.0):

--- ssl/s3_pkt.c        2014-06-05 11:41:31.000000000 +0200
+++ ssl/s3_pkt.c        2014-06-05 18:31:57.659093000 +0200
@@ -583,7 +583,7 @@
        int i,tot;

        s->rwstate=SSL_NOTHING;
-       OPENSSL_assert(s->s3->wnum < INT_MAX);
+       OPENSSL_assert(s->s3->wnum <= INT_MAX);
        tot=s->s3->wnum;
        s->s3->wnum=0;

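Review bot: The relaxed bound on the OPENSSL_assert line is explained only by the assignment tot=s->s3->wnum into "int tot" on the following line, and nothing in the hunk records that. A short comment above the assertion stating that wnum must fit in an int, so INT_MAX itself is an acceptable value, would help keep later backports from carrying the strict "<" again. The declaration of wnum is not visible in this hunk; if it is a plain signed int the "<=" comparison is always true, so the comment should also name the type the check is meant to guard.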

The patches seem to be completely missing from 1.0.2 and trunk/master.

Regards,

Rainer

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org