Commit 989d87cb1a174a951efd829ff6b2f68a322f9df8 for 1.0.1 was shortly after improved by commit dac3654e2d89d43807e7b8e4b9da86ae1d33fe2b. It changed "s->s3->wnum < INT_MAX" to "s->s3->wnum <= INT_MAX" (lower or equals instead of lower than).
The backports to 1.0.0 and 0.9.8 only contained the first commit, not the second, so 1.0.1 allow lower or equals INT_MAX, but 0.9.8 and 1.0.0 only allow lower than INT_MAX. Patch (1.0.0): --- ssl/s3_pkt.c 2014-06-05 11:41:31.000000000 +0200 +++ ssl/s3_pkt.c 2014-06-05 18:31:57.659093000 +0200 @@ -583,7 +583,7 @@ int i,tot; s->rwstate=SSL_NOTHING; - OPENSSL_assert(s->s3->wnum < INT_MAX); + OPENSSL_assert(s->s3->wnum <= INT_MAX); tot=s->s3->wnum; s->s3->wnum=0; The patches seem to be completely missing from 1.0.2 and trunk/master. Regards, Rainer ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org